Search criteria
3 vulnerabilities by banu
CVE-2012-3505 (GCVE-0-2012-3505)
Vulnerability from cvelistv5 – Published: 2012-10-09 23:00 – Updated: 2024-08-06 20:05
VLAI
Summary
Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger hash collisions predictably. bucket.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://banu.com/bugzilla/show_bug.cgi?id=110 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2012/08/17/3 | mailing-listx_refsource_MLIST |
| https://banu.com/bugzilla/show_bug.cgi?id=110#c2 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id?1027412 | vdb-entryx_refsource_SECTRACK |
| https://bugs.launchpad.net/ubuntu/+source/tinypro… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/08/18/1 | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/51074 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2012/dsa-2564 | vendor-advisoryx_refsource_DEBIAN |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685281 | x_refsource_MISC |
| http://secunia.com/advisories/50278 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2012-08-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://banu.com/bugzilla/show_bug.cgi?id=110"
},
{
"name": "[oss-security] 20120817 CVE request: tinyproxy",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/17/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://banu.com/bugzilla/show_bug.cgi?id=110#c2"
},
{
"name": "1027412",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027412"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985"
},
{
"name": "[oss-security] 20120818 Re: CVE request: tinyproxy",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/18/1"
},
{
"name": "51074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51074"
},
{
"name": "DSA-2564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2564"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685281"
},
{
"name": "50278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50278"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger hash collisions predictably. bucket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-23T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://banu.com/bugzilla/show_bug.cgi?id=110"
},
{
"name": "[oss-security] 20120817 CVE request: tinyproxy",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/17/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://banu.com/bugzilla/show_bug.cgi?id=110#c2"
},
{
"name": "1027412",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027412"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985"
},
{
"name": "[oss-security] 20120818 Re: CVE request: tinyproxy",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/18/1"
},
{
"name": "51074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51074"
},
{
"name": "DSA-2564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2564"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685281"
},
{
"name": "50278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50278"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3505",
"datePublished": "2012-10-09T23:00:00.000Z",
"dateReserved": "2012-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:05:12.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1843 (GCVE-0-2011-1843)
Vulnerability from cvelistv5 – Published: 2011-05-03 00:03 – Updated: 2024-08-06 22:37
VLAI
Summary
Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow remote attackers to bypass intended access restrictions in opportunistic circumstances via a TCP connection, related to improper handling of invalid port numbers.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://banu.com/cgit/tinyproxy/diff/?id=97b99844… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/47715 | vdb-entryx_refsource_BID |
| https://banu.com/bugzilla/show_bug.cgi?id=90 | x_refsource_CONFIRM |
Date Public
2011-03-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://banu.com/cgit/tinyproxy/diff/?id=97b9984484299b2ce72f8f4fc3706dab8a3a8439"
},
{
"name": "47715",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47715"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://banu.com/bugzilla/show_bug.cgi?id=90"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow remote attackers to bypass intended access restrictions in opportunistic circumstances via a TCP connection, related to improper handling of invalid port numbers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-07T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://banu.com/cgit/tinyproxy/diff/?id=97b9984484299b2ce72f8f4fc3706dab8a3a8439"
},
{
"name": "47715",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47715"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://banu.com/bugzilla/show_bug.cgi?id=90"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow remote attackers to bypass intended access restrictions in opportunistic circumstances via a TCP connection, related to improper handling of invalid port numbers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://banu.com/cgit/tinyproxy/diff/?id=97b9984484299b2ce72f8f4fc3706dab8a3a8439",
"refsource": "CONFIRM",
"url": "https://banu.com/cgit/tinyproxy/diff/?id=97b9984484299b2ce72f8f4fc3706dab8a3a8439"
},
{
"name": "47715",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47715"
},
{
"name": "https://banu.com/bugzilla/show_bug.cgi?id=90",
"refsource": "CONFIRM",
"url": "https://banu.com/bugzilla/show_bug.cgi?id=90"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1843",
"datePublished": "2011-05-03T00:03:00.000Z",
"dateReserved": "2011-05-02T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:37:25.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1499 (GCVE-0-2011-1499)
Vulnerability from cvelistv5 – Published: 2011-04-29 22:00 – Updated: 2024-08-06 22:28
VLAI
Summary
acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493 | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=694658 | x_refsource_CONFIRM |
| http://secunia.com/advisories/44274 | third-party-advisoryx_refsource_SECUNIA |
| http://openwall.com/lists/oss-security/2011/04/08/3 | mailing-listx_refsource_MLIST |
| https://banu.com/cgit/tinyproxy/diff/?id=e8426f66… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://banu.com/bugzilla/show_bug.cgi?id=90 | x_refsource_CONFIRM |
| http://www.debian.org/security/2011/dsa-2222 | vendor-advisoryx_refsource_DEBIAN |
| http://openwall.com/lists/oss-security/2011/04/07/9 | mailing-listx_refsource_MLIST |
Date Public
2011-03-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694658"
},
{
"name": "44274",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44274"
},
{
"name": "[oss-security] 20110408 Re: CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/08/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4"
},
{
"name": "tinyproxy-aclc-sec-bypass(67256)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67256"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://banu.com/bugzilla/show_bug.cgi?id=90"
},
{
"name": "DSA-2222",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2222"
},
{
"name": "[oss-security] 20110407 CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/07/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694658"
},
{
"name": "44274",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44274"
},
{
"name": "[oss-security] 20110408 Re: CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/08/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4"
},
{
"name": "tinyproxy-aclc-sec-bypass(67256)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67256"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://banu.com/bugzilla/show_bug.cgi?id=90"
},
{
"name": "DSA-2222",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2222"
},
{
"name": "[oss-security] 20110407 CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/07/9"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1499",
"datePublished": "2011-04-29T22:00:00.000Z",
"dateReserved": "2011-03-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:28:41.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}