277 matches found

Debian CVE
added 2026/06/17 7:13 p.m., 8 views

CVE-2026-55202

Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation. Remote attackers can trigger...

CVSS 8.8, AI score 5.4, EPSS 0.00335, Exploits 0

Positive Technologies
added 2026/06/17 12:0 a.m., 24 views

PT-2026-50539

Name of the Vulnerable Software and Affected Versions: Tinyproxy versions prior to 1.11.4. Description: Tinyproxy fails to reject requests containing multiple Content-Length headers with differing values. The software forwards all duplicate headers to the backend but uses only the first value to...

CVSS 9.3, AI score 6.1, EPSS 0.00439, Exploits 0, References 11

Positive Technologies
added 2026/06/17 12:0 a.m., 14 views

PT-2026-50538

Name of the Vulnerable Software and Affected Versions: Tinyproxy versions prior to commit ff45d3b. Description: Tinyproxy fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine the number o...

CVSS 9.3, AI score 6.1, EPSS 0.00439, Exploits 0, References 11

Positive Technologies
added 2026/06/17 12:0 a.m., 13 views

PT-2026-50530

Name of the Vulnerable Software and Affected Versions: Tinyproxy versions prior to 1.11.3 commit 09312a1. Description: Improper validation of the Host header during stathost detection allows unauthenticated attackers to access the statistics page by injecting a matching Host header or bypassing...

CVSS 8.8, AI score 5.9, EPSS 0.00335, Exploits 0, References 11

Tenable Nessus
added 2026/04/27 12:0 a.m., 3 views

Fedora 44 : tinyproxy (2026-9695fbdabb)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-9695fbdabb advisory. Backport upstream fixes for CVE-2026-3945 and CVE-2026-31842. Tenable has extracted the preceding description block directly from the Fedora securit...

CVSS 8.7, AI score 5.5, EPSS 0.00899, Exploits 1, References 3

Fedora
added 2026/04/25 1:56 a.m., 5 views

[SECURITY] Fedora 44 Update: tinyproxy-1.11.2-7.fc44

tinyproxy is a small, efficient HTTP/SSL proxy daemon that is very useful in a small network setting, where a larger proxy like Squid would either be too resource intensive, or a security risk...

CVSS 8.7, AI score 5.2, EPSS 0.00899, Exploits 1

Fedora
added 2026/04/22 11:42 a.m., 10 views

[SECURITY] Fedora 42 Update: tinyproxy-1.11.2-7.fc42

tinyproxy is a small, efficient HTTP/SSL proxy daemon that is very useful in a small network setting, where a larger proxy like Squid would either be too resource intensive, or a security risk...

CVSS 8.7, AI score 5.2, EPSS 0.00899, Exploits 1

Fedora
added 2026/04/22 7:50 a.m., 9 views

[SECURITY] Fedora 43 Update: tinyproxy-1.11.2-7.fc43

tinyproxy is a small, efficient HTTP/SSL proxy daemon that is very useful in a small network setting, where a larger proxy like Squid would either be too resource intensive, or a security risk...

CVSS 8.7, AI score 5.2, EPSS 0.00899, Exploits 1

Tenable Nessus
added 2026/04/22 12:0 a.m., 2 views

Fedora 42 : tinyproxy (2026-d67a979089)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d67a979089 advisory. Backport upstream fixes for CVE-2026-3945 and CVE-2026-31842. Tenable has extracted the preceding description block directly from the Fedora securit...

CVSS 8.7, AI score 5.8, EPSS 0.00899, Exploits 1, References 3

Tenable Nessus
added 2026/04/21 12:0 a.m., 5 views

Fedora 43 : tinyproxy (2026-d8daf8790f)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d8daf8790f advisory. Backport upstream fixes for CVE-2026-3945 and CVE-2026-31842. Tenable has extracted the preceding description block directly from the Fedora securit...

CVSS 8.7, AI score 5.8, EPSS 0.00899, Exploits 1, References 3

Tenable Nessus
added 2026/04/09 12:0 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-31842

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs....

CVSS 8.7, AI score 5.8, EPSS 0.00899, Exploits 1, References 3

Tenable Nessus
added 2026/04/09 12:0 a.m., 1 views

Fedora 45 : tinyproxy (2026-1c7a717dbc)

The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-1c7a717dbc advisory. Automatic update for tinyproxy-1.11.3-2.fc45. Changelog Wed Apr 8 2026 Carl George - 1.11.3-2 - Backport upstream CVE fixes - Fixes rhbz2452969...

CVSS 8.7, AI score 5.8, EPSS 0.00899, Exploits 1, References 3

SUSE CVE
added 2026/04/08 11:26 p.m., 4 views

SUSE CVE-2026-31842

Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...

CVSS 8.7, AI score 5.8, EPSS 0.00899, Exploits 1, References 3

EUVD
added 2026/04/07 12:31 p.m., 6 views

EUVD-2026-19603

Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...

CVSS 8.7, AI score 5.9, EPSS 0.00899, Exploits 1, References 4

NVD
added 2026/04/07 12:16 p.m., 8 views

CVE-2026-31842

Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...

CVSS 8.7, EPSS 0.00899, Exploits 1, References 3

OSV
added 2026/04/07 12:16 p.m., 3 views

DEBIAN-CVE-2026-31842

Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...

CVSS 8.7, AI score 5.5, EPSS 0.00899, Exploits 1, References 1

UbuntuCve
added 2026/04/07 12:16 p.m., 2 views

CVE-2026-31842

Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...

CVSS 8.7, AI score 5.8, EPSS 0.00899, Exploits 1, References 3

OSV
added 2026/04/07 12:16 p.m., 5 views

UBUNTU-CVE-2026-31842

Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...

CVSS 8.7, AI score 5.8, EPSS 0.00899, Exploits 1, References 4

Vulnrichment
added 2026/04/07 11:17 a.m., 4 views

CVE-2026-31842 Tinyproxy HTTP request parsing desynchronization via case-sensitive Transfer-Encoding handling

Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...

CVSS 8.7, AI score 5.9, EPSS 0.00899, Exploits 1, References 3

CVE
added 2026/04/07 11:17 a.m., 22 views

CVE-2026-31842

Tinyproxy 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive Transfer-Encoding check in is_chunked_transfer() (strcmp against "chunked"). RFC 7230 requires case-insensitive transfer-coding names. An unauthenticated attacker sending Transfer-Encoding: Chunked ca...

CVSS 8.7, AI score 5.9, EPSS 0.00899, Exploits 1, References 3, Affected Software 1