CVE-2011-1499
Published: 29 April 2011
acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.
Priority
Status
Package | Release | Status |
---|---|---|
tinyproxy Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Ignored
(end of life)
|
|
lucid |
Ignored
(end of life)
|
|
maverick |
Released
(1.8.2-1squeeze1build0.10.10.1)
|
|
natty |
Released
(1.8.2-1squeeze1build0.11.04.1)
|
|
oneiric |
Not vulnerable
(1.8.2-2)
|
|
precise |
Not vulnerable
(1.8.2-2)
|
|
quantal |
Not vulnerable
(1.8.2-2)
|
|
raring |
Not vulnerable
(1.8.2-2)
|
|
saucy |
Not vulnerable
(1.8.2-2)
|
|
upstream |
Released
(1.8.2-2)
|
|
Patches: upstream: https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4 |