Banu: >> Tinyproxy >> 1.4.1.2 Security Vulnerabilities
Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger hash collisions predictably. bucket.
CVSS Score
5.0
EPSS Score
0.034
Published
2012-10-09
Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow remote attackers to bypass intended access restrictions in opportunistic circumstances via a TCP connection, related to improper handling of invalid port numbers.
CVSS Score
6.8
EPSS Score
0.003
Published
2011-05-03
acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.
CVSS Score
2.6
EPSS Score
0.008
Published
2011-04-29