CVE-2011-1499

Affected software: Tinyproxy (before 1.8.3). Root cause: ACL configuration with CIDR in acl.c permits TCP connections from any IP, effectively making the proxy open. Impact: potential anonymization of traffic as the proxy can be used to hide origin. Remediation: upgrade to Tinyproxy 1.8.3 or appl...

CVE-2011-1499

acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server...

Debian DSA-2222-1 : tinyproxy - incorrect ACL processing

Christoph Martin discovered that incorrect ACL processing in TinyProxy, a lightweight, non-caching, optionally anonymizing HTTP proxy, could lead to unintended network access rights. The oldstable distribution lenny is not affected. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

[SECURITY] [DSA 2222-1] tinyproxy security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2222-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff April 20, 2011 http://www.debian.org/security/faq -...

DSA-2222-1 tinyproxy - incorrect ACL processing

Bulletin has no description...

FreeBSD : tinyproxy -- ACL lists ineffective when range is configured (b9281fb9-61b2-11e0-b1ce-0019d1a7ece2)

When including a line to allow a network of IP addresses, the access to tinyproxy 56 is actually allowed for all IP addresses. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright...

tinyproxy -- ACL lists ineffective when range is configured

When including a line to allow a network of IP addresses, the access to tinyproxy 56 is actually allowed for all IP addresses...

Debian: Security Advisory (DSA-145)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 018-1 (tinyproxy)

The remote host is missing an update to tinyproxy announced via advisory DSA 018-1. OpenVAS Vulnerability Test $Id: deb0181.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 018-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian Security Advisory DSA 018-1 (tinyproxy)

The remote host is missing an update to tinyproxy announced via advisory DSA 018-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Debian Security Advisory DSA 145-1 (tinyproxy)

The remote host is missing an update to tinyproxy announced via advisory DSA 145-1. OpenVAS Vulnerability Test $Id: deb1451.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 145-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian DSA-145-1 : tinyproxy - doubly freed memory

The authors of tinyproxy, a lightweight HTTP proxy, discovered a bug in the handling of some invalid proxy requests. Under some circumstances, an invalid request may result in allocated memory being freed twice. This can potentially result in the execution of arbitrary code. %NASLMINLEVEL 70300 C...

Debian DSA-018-1 : tinyproxy - remote nobody exploit

PkC have found a heap overflow in tinyproxy that could be remotely exploited. An attacker could gain a shell user nobody remotely. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-018. The...

CVE-2002-0847

tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers to execute arbitrary code via memory that is freed twice double-free...

CVE-2002-0847

CVE-2002-0847 affects tinyproxy (versions up to 1.5.0, 1.4.3 and earlier) where improper handling of certain invalid proxy requests leads to a double-free of memory, enabling potential remote code execution. Multiple connected sources corroborate the doubly freed memory vulnerability in tinyproxy...

CVE-2002-0847

tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers to execute arbitrary code via memory that is freed twice double-free...

CVE-2002-0847

tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers to execute arbitrary code via memory that is freed twice double-free...

CVE-2002-0847

tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers to execute arbitrary code via memory that is freed twice double-free...

DEBIAN-CVE-2002-0847

tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers to execute arbitrary code via memory that is freed twice double-free...

[SECURITY] [DSA 145-1] New tinyproxy packages fix security vulnerability

-------------------------------------------------------------------------- Debian Security Advisory DSA 145-1 [email protected] http://www.debian.org/security/ Martin Schulze August 7th, 2002 - -------------------------------------------------------------------------- Package : tinyproxy...