Vulnerability Details : CVE-2011-1499
acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.
Products affected by CVE-2011-1499
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:*:*:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.6.0:a:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.6.0:pre1:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.0:pre1:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.0:rc5:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.1:pre1:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.1:pre2:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.1:rc3:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.1:rc4:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.6.0:pre4:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.6.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.0:pre4:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.0:pre5:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.0:pre6:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.0:rc8:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.0:rc9:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.1:pre5:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.1:pre6:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.6.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.6.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.0:rc10:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.6.0:pre2:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.6.0:pre3:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.0:pre2:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.0:pre3:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.0:rc6:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.0:rc7:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.1:pre3:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.1:pre4:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:banu:tinyproxy:1.5.2:rc2:*:*:*:*:*:*
Threat overview for CVE-2011-1499
- Top countries where our scanners detected CVE-2011-1499: (figure not included)
- Top open port discovered on systems with this issue: 8080
- IPs affected by CVE-2011-1499: 41,051
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2011-1499
- EPSS score: 0.43% (probability of exploitation activity in the next 30 days)
- Percentile: ~74% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2011-1499
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.6 | LOW | AV:N/AC:H/Au:N/C:N/I:P/A:N | 4.9 | 2.9 | NIST | |
CWE ids for CVE-2011-1499
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1499
- https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4
  Broken Link
- https://bugzilla.redhat.com/show_bug.cgi?id=694658
  694658 – (CVE-2011-1499, CVE-2011-1843) CVE-2011-1499 CVE-2011-1843 tinyproxy: multiple flaws corrected in version 1.8.3 (Issue Tracking; Patch)
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493
  #621493 - tinyproxy: allows everyone if using network addresses in Allow rule - Debian Bug report logs (Issue Tracking; Patch)
- http://www.debian.org/security/2011/dsa-2222
  Debian -- Security Information -- DSA-2222-1 tinyproxy (Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67256
  Tinyproxy acl.c security bypass CVE-2011-1499 Vulnerability Report
- https://banu.com/bugzilla/show_bug.cgi?id=90
  Broken Link
- http://openwall.com/lists/oss-security/2011/04/08/3
  oss-security - Re: CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges (Mailing List; Third Party Advisory)
- http://openwall.com/lists/oss-security/2011/04/07/9
  oss-security - CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges (Mailing List; Third Party Advisory)