3 results (0.001 seconds)

CVSS: 5.0EPSS: 2%CPEs: 52EXPL: 0

Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger hash collisions predictably. bucket. Tinyproxy antes de v1.8.3-3 permite a atacantes remotos provocar una denegación de servicio (excesivo consumo de CPU y memoria) a través de (1) un gran número de cabeceras o (2) un gran número de cabeceras falsificados con el mismo hash. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685281 http://secunia.com/advisories/50278 http://secunia.com/advisories/51074 http://www.debian.org/security/2012/dsa-2564 http://www.openwall.com/lists/oss-security/2012/08/17/3 http://www.openwall.com/lists/oss-security/2012/08/18/1 http://www.securitytracker.com/id?1027412 https://banu.com/bugzilla/show_bug.cgi?id=110 https://banu.com/bugzilla/show_bug.cgi?id=110#c2 https://bugs.launchpad.net/ubuntu&# • CWE-310: Cryptographic Issues •

CVSS: 6.8EPSS: 0%CPEs: 51EXPL: 1

Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow remote attackers to bypass intended access restrictions in opportunistic circumstances via a TCP connection, related to improper handling of invalid port numbers. Desbordamiento de enteros en conf.c en tinyproxy antes de v1.8.3 podría permitir a atacantes remotos evitar las restricciones de acceso previsto a través de una conexión TCP, relativa al manejo inadecuado de los números de puerto invalidos. • http://www.securityfocus.com/bid/47715 https://banu.com/bugzilla/show_bug.cgi?id=90 https://banu.com/cgit/tinyproxy/diff/?id=97b9984484299b2ce72f8f4fc3706dab8a3a8439 • CWE-189: Numeric Errors •

CVSS: 2.6EPSS: 0%CPEs: 52EXPL: 0

acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server. acl.c en tinyproxy antes de v1.8.3, cuando la opcion "Allow Configuration" especifica un bloque CIDR, permite conexiones TCP desde todas las direcciones IP, lo que facilita a los atacantes remotos a la hora de ocultar el origen del tráfico de Internet, aprovechando la servidor proxy HTTP abierto. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493 http://openwall.com/lists/oss-security/2011/04/07/9 http://openwall.com/lists/oss-security/2011/04/08/3 http://secunia.com/advisories/44274 http://www.debian.org/security/2011/dsa-2222 https://banu.com/bugzilla/show_bug.cgi?id=90 https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4 https://bugzilla.redhat.com/show_bug.cgi?id=694658 https://exchange.xforce.ibmcloud.com/vulnerabilities/67256 • CWE-16: Configuration •