CVE-2011-1499
tinyproxy - incorrect ACL processing
EPSS 0.78%
Description
acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.
How to fix CVE-2011-1499
To remediate CVE-2011-1499, upgrade the affected package to one of the fixed versions listed below.
- Debian/tinyproxy—upgrade to 1.8.2-2 or later
- Debian/tinyproxy—upgrade to 1.8.2-1squeeze1 or later
Is CVE-2011-1499 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/tinyproxy: from 0, < 1.8.2-2
- Debian/tinyproxy: from 0, < 1.8.2-1squeeze1