CVE-2011-1499

EPSS 0.78%

tinyproxy - incorrect ACL processing

Published: 4/29/2011Modified: 4/28/2026

Description

acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.

Affected packages (2)

Debian/tinyproxyfrom 0, < 1.8.2-2
Debian/tinyproxyfrom 0, < 1.8.2-1squeeze1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2011-1499