Candidate: CVE-2011-1499
PublicDate: 2011-04-29 22:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1499
 http://www.debian.org/security/2011/dsa-2222
Description:
 acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting
 specifies a CIDR block, permits TCP connections from all IP addresses,
 which makes it easier for remote attackers to hide the origin of web
 traffic by leveraging the open HTTP proxy server.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=694658
 https://banu.com/bugzilla/show_bug.cgi?id=90
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_tinyproxy:
 upstream: https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4
upstream_tinyproxy: released (1.8.2-2)
dapper_tinyproxy: ignored (reached end-of-life)
hardy_tinyproxy: ignored (reached end-of-life)
lucid_tinyproxy: ignored (reached end-of-life)
maverick_tinyproxy: released (1.8.2-1squeeze1build0.10.10.1)
natty_tinyproxy: released (1.8.2-1squeeze1build0.11.04.1)
oneiric_tinyproxy: not-affected (1.8.2-2)
precise_tinyproxy: not-affected (1.8.2-2)
quantal_tinyproxy: not-affected (1.8.2-2)
raring_tinyproxy: not-affected (1.8.2-2)
saucy_tinyproxy: not-affected (1.8.2-2)
devel_tinyproxy: not-affected (1.8.2-2)