Lucene search
RootSSV:20524HistoryMay 08, 2011 - 12:00 a.m.
Tinyproxy 'conf.c'整数溢出安全绕过漏洞
2011-05-0800:00:00
Root
www.seebug.org
148
0.004 Low
EPSS
Percentile
74.6%
Bugtraq ID: 47715
CVE ID:CVE-2011-1499
Tinyproxy是一个小型的基于GPL的HTTP/SSL代理程序。
Tinyproxy在子网掩码生成实现上存在一个错误,当配置允许网络段时(如"Allow 192.168.0.0/24"相对与默认的"Allow 127.0.0.1"),会允许任意IP地址连接,使其成为一个开放代理。如果配置使用一个或多个使用IP段的Allow语句,就会发生这种情况。
Banu Systems Private Limited Tinyproxy 1.8.2
厂商解决方案
Tinyproxy 1.8.3已经修复此漏洞,建议用户下载使用:
https://banu.com/tinyproxy/
Related
prion
prion
Design/Logic Flaw
2011-04-29 22:55:00
nvd
nvd
CVE-2011-1499
2011-04-29 22:55:00
cve
cve
CVE-2011-1499
2011-04-29 22:55:00
openvas
openvas
Debian Security Advisory DSA 2222-1 (tinyproxy)
2011-05-12 00:00:00
FreeBSD Ports: tinyproxy
2011-05-12 00:00:00
FreeBSD Ports: tinyproxy
2011-05-12 00:00:00
nessus
nessus
FreeBSD : tinyproxy -- ACL lists ineffective when range is configured (b9281fb9-61b2-11e0-b1ce-0019d1a7ece2)
2011-04-11 00:00:00
Debian DSA-2222-1 : tinyproxy - incorrect ACL processing
2011-04-21 00:00:00
Fedora 20 : tinyproxy-1.8.3-1.fc20 (2013-16165)
2013-09-23 00:00:00
cvelist
cvelist
CVE-2011-1499
2011-04-29 22:00:00
ubuntucve
ubuntucve
CVE-2011-1499
2011-04-29 00:00:00
freebsd
freebsd
tinyproxy -- ACL lists ineffective when range is configured
2010-05-18 00:00:00
debian
debian
[SECURITY] [DSA 2222-1] tinyproxy security update
2011-04-20 17:16:14
debiancve
debiancve
CVE-2011-1499
2011-04-29 22:55:00
fedora
fedora
[SECURITY] Fedora 20 Update: tinyproxy-1.8.3-1.fc20
2013-09-23 00:01:57
[SECURITY] Fedora 19 Update: tinyproxy-1.8.3-1.fc19
2013-09-21 08:33:48