FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-1499

This CVE name corresponds to:

Entered: 2011-04-08
Topic: tinyproxy -- ACL lists ineffective when range is configured

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2011-1499
Phase Assigned(20110321)

Description

acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.
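As an added illustration (not tinyproxy's acl.c and not the code changed by the referenced fix), the following C program shows what a correct CIDR Allow check must do, plus an audit helper that flags a rule which accepts addresses outside the configured block, which is the open-proxy condition described above. Function names and the probe addresses used in the test are constructed for this example.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Parse "a.b.c.d/n" (n optional, default 32) into a network address and mask in
 * host byte order. Returns 1 on success, 0 on a malformed entry. Hypothetical helper. */
static int parse_cidr(const char *cidr, uint32_t *net, uint32_t *mask)
{
    char buf[32], *slash;
    struct in_addr a;
    int bits = 32;
    if (strlen(cidr) >= sizeof(buf))
        return 0;
    strcpy(buf, cidr);
    slash = strchr(buf, '/');
    if (slash) {
        *slash = '\0';
        if (sscanf(slash + 1, "%d", &bits) != 1 || bits < 0 || bits > 32)
            return 0;
    }
    if (inet_pton(AF_INET, buf, &a) != 1)
        return 0;
    /* Shifting a 32-bit value by 32 is undefined in C, so /0 is handled
     * explicitly; it is the one prefix that legitimately matches everyone. */
    *mask = (bits == 0) ? 0 : (0xffffffffu << (32 - bits));
    *net = ntohl(a.s_addr) & *mask;
    return 1;
}

/* 1 if addr falls inside cidr, 0 if outside, -1 if either string is malformed. */
int cidr_allows(const char *cidr, const char *addr)
{
    uint32_t net, mask;
    struct in_addr a;
    if (!parse_cidr(cidr, &net, &mask) || inet_pton(AF_INET, addr, &a) != 1)
        return -1;
    return ((ntohl(a.s_addr) & mask) == net) ? 1 : 0;
}

/* Audit helper: a correct Allow rule must reject every probe address that lies
 * outside the block. Returns 1 if any such address is accepted (ACL is effectively open). */
int acl_is_open(const char *cidr, const char *const *outside, int n)
{
    for (int i = 0; i < n; i++)
        if (cidr_allows(cidr, outside[i]) != 0)
            return 1;
    return 0;
}
```

Feeding each configured Allow block and a handful of addresses known to be outside it through acl_is_open gives a quick regression check that the proxy's range filtering actually filters.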

References

Source Reference
MLIST [oss-security] 20110407 CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges
MLIST [oss-security] 20110408 Re: CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges
CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493
CONFIRM https://banu.com/bugzilla/show_bug.cgi?id=90
CONFIRM https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=694658
DEBIAN DSA-2222
SECUNIA 44274
XF tinyproxy-aclc-sec-bypass(67256)