CVE-2011-1499 — LOW (2.6) — White Hats Nepal

Q: How severe is CVE-2011-1499?

CVE-2011-1499 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-1499?

Check the references section above for vendor advisories and patch information. Affected products include: Banu Tinyproxy, Debian Debian Linux.

Vulnerability Description

acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.

CVSS Score

2.6

LOW

AV:N/AC:H/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Banu	Tinyproxy	<= 1.8.2
Debian	Debian Linux	6.0

Related Weaknesses (CWE)

CWE-16

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493Issue TrackingPatch
http://openwall.com/lists/oss-security/2011/04/07/9Mailing ListThird Party Advisory
http://openwall.com/lists/oss-security/2011/04/08/3Mailing ListThird Party Advisory
http://secunia.com/advisories/44274
http://www.debian.org/security/2011/dsa-2222Third Party Advisory
https://banu.com/bugzilla/show_bug.cgi?id=90Broken Link
https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23eBroken Link
https://bugzilla.redhat.com/show_bug.cgi?id=694658Issue TrackingPatch
https://exchange.xforce.ibmcloud.com/vulnerabilities/67256
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493Issue TrackingPatch
http://openwall.com/lists/oss-security/2011/04/07/9Mailing ListThird Party Advisory
http://openwall.com/lists/oss-security/2011/04/08/3Mailing ListThird Party Advisory
http://secunia.com/advisories/44274
http://www.debian.org/security/2011/dsa-2222Third Party Advisory
https://banu.com/bugzilla/show_bug.cgi?id=90Broken Link

FAQ

What is CVE-2011-1499?

CVE-2011-1499 is a vulnerability with a CVSS score of 2.6 (LOW). acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origi...

How severe is CVE-2011-1499?

CVE-2011-1499 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-1499?

Check the references section above for vendor advisories and patch information. Affected products include: Banu Tinyproxy, Debian Debian Linux.