{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-03-04T00:00:00", "descriptions": [{"lang": "en", "value": "acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694658"}, {"name": "44274", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44274"}, {"name": "[oss-security] 20110408 Re: CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/04/08/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4"}, {"name": "tinyproxy-aclc-sec-bypass(67256)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67256"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://banu.com/bugzilla/show_bug.cgi?id=90"}, {"name": "DSA-2222", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2011/dsa-2222"}, {"name": "[oss-security] 20110407 CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/04/07/9"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:28:41.802Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694658"}, {"name": "44274", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/44274"}, {"name": "[oss-security] 20110408 Re: CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/04/08/3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4"}, {"name": "tinyproxy-aclc-sec-bypass(67256)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67256"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://banu.com/bugzilla/show_bug.cgi?id=90"}, {"name": "DSA-2222", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2011/dsa-2222"}, {"name": "[oss-security] 20110407 CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/04/07/9"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1499", "datePublished": "2011-04-29T22:00:00", "dateReserved": "2011-03-21T00:00:00", "dateUpdated": "2024-08-06T22:28:41.802Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:banu:tinyproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "D51F3BA5-1282-476E-922D-1F8D265D9751", "versionEndIncluding": "1.8.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E01A3AF-BAED-46BB-A378-E5C62907ABA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "3B8B13DE-1161-4993-BB34-8228EEE43252", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre2:*:*:*:*:*:*", "matchCriteriaId": "D7996D03-1884-4334-B43F-A5B4D9458C2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre3:*:*:*:*:*:*", "matchCriteriaId": "6DCFC9B7-BDC7-4156-85A3-755A671C07A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre4:*:*:*:*:*:*", "matchCriteriaId": "C98C8696-86AE-40AA-B45D-4FC46C20C60B", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre5:*:*:*:*:*:*", "matchCriteriaId": "5F75221E-F380-4ED1-9019-2A15A94E8942", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre6:*:*:*:*:*:*", "matchCriteriaId": "0A551F1C-8798-456C-A393-69F240CFDC1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "295E82ED-4B37-4FC9-ACF6-E6525D2D7577", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc10:*:*:*:*:*:*", "matchCriteriaId": "52D32C1C-ADAC-434D-B61E-4521E61700A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "EF430680-0EA9-44F2-B008-38C09CE391A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1B5FF94-35C9-46C7-9B56-FA3CCF0367A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A5FA5945-876F-4D49-8743-FD8B0A4BEBD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "758E84E7-B4D4-4502-99A2-E13FE1F1BB34", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "A056CA07-8E63-4BC4-B788-6FA28FA6B9CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "437DC576-9A0F-45DD-B7DB-D3BDF8FAF306", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc9:*:*:*:*:*:*", "matchCriteriaId": "0F5E2202-1782-4583-826F-4E8D8A79D03E", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "C34C0689-C9E7-4253-955B-EB07D48CEC97", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre1:*:*:*:*:*:*", "matchCriteriaId": "56EC1656-6577-41E9-B66A-5EAAAA5F7317", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre2:*:*:*:*:*:*", "matchCriteriaId": "E9644328-8BD9-4DC6-B390-41157761B14B", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre3:*:*:*:*:*:*", "matchCriteriaId": "BA8A973D-15C5-48A2-BF93-DBB1945D2CF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre4:*:*:*:*:*:*", "matchCriteriaId": "952A6F77-710E-4E13-94B2-EC4853A195B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre5:*:*:*:*:*:*", "matchCriteriaId": "54F424CF-FE0F-46A8-A62D-9C25DEC9F00B", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre6:*:*:*:*:*:*", "matchCriteriaId": "8F6AAF00-5972-41DD-AB4F-6AECA14E47DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "7056081A-63D6-4213-A162-CF3502D03D2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "2CC13B57-6DBB-4E6B-9FEE-D99DFC6A496B", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "680705E5-D484-4C7E-8E70-E30E667A666D", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "19389006-AFFF-4BDB-8238-5F70758E7555", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "EC2D8320-234D-47BD-AE43-45D78B1FC2B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "3F506449-969A-47EC-80C3-A75B88FC53B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "B4450B57-BD9D-492E-913C-436BE56ADC9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "5B0EEFD8-5B25-4280-BE73-3FB1C57669B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "2E364882-403C-4639-B13F-8EE34DA2C7B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "917A1FA8-50C6-4B0C-B196-2EE092EBEAD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:a:*:*:*:*:*:*", "matchCriteriaId": "9EEC829A-0933-4599-9B21-CD404411CF33", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "0EEC2D9F-0847-44DE-8507-ABA12254BA37", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:pre2:*:*:*:*:*:*", "matchCriteriaId": "7831E2D8-91A5-45B3-A831-55F114328881", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:pre3:*:*:*:*:*:*", "matchCriteriaId": "E7337CF4-437D-4D12-8B66-9C74C79240AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:pre4:*:*:*:*:*:*", "matchCriteriaId": "808831CA-2565-4CEC-B9DA-8A9099ADF48A", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "7C785F3F-A138-4B6D-BA36-1C02E1F78370", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "858B75C0-77AF-49C5-9864-FE47AC7B22DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "AA70648C-38C6-438A-8C91-D29CF06DD29C", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "D466A50B-02CF-422F-9D1C-8C12D7992C17", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "A7424517-9067-4437-8C9C-528BD7B81D37", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE679246-BAA7-487C-A002-E67FF7CBB0CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "A8DB3514-4D09-4E4C-80C3-1C071251D1A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "B8904EC5-C176-499D-8852-638203ED837A", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A2CC7B8-6BCB-453E-AA85-CCBAEC216A6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DB61EC72-D1C1-40BD-8271-4E67DBB53C62", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "A1AD0C6B-8879-4685-B63D-78BD7FBC5ECC", "vulnerable": true}, {"criteria": "cpe:2.3:a:banu:tinyproxy:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA6728A7-5193-49F9-8790-4D8438045683", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server."}, {"lang": "es", "value": "acl.c en tinyproxy antes de v1.8.3, cuando la opcion \"Allow Configuration\" especifica un bloque CIDR, permite conexiones TCP desde todas las direcciones IP, lo que facilita a los atacantes remotos a la hora de ocultar el origen del tr\u00e1fico de Internet, aprovechando la servidor proxy HTTP abierto."}], "id": "CVE-2011-1499", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-04-29T22:55:00.937", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2011/04/07/9"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2011/04/08/3"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/44274"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2011/dsa-2222"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "https://banu.com/bugzilla/show_bug.cgi?id=90"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694658"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67256"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2011/04/07/9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2011/04/08/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/44274"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2011/dsa-2222"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://banu.com/bugzilla/show_bug.cgi?id=90"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694658"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67256"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-16"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}