oss-sec mailing list archives
Re: CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges
From: Josh Bressers <bressers () redhat com>
Date: Fri, 8 Apr 2011 16:17:01 -0400 (EDT)
Please use CVE-2011-1499

Thanks.

--
JB

----- Original Message -----

A bug in tinyproxy prior to 1.8.3 would turn it into an open proxy if it were defined with an "Allow" statement including an IP address range (i.e. 192.168.0.0/24).

Could a CVE be assigned to this?

References:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493
https://banu.com/bugzilla/show_bug.cgi?id=90
https://banu.com/cgit/tinyproxy/commit/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4
https://bugzilla.redhat.com/show_bug.cgi?id=694658

--
Vincent Danen / Red Hat Security Response Team
Current thread:
- CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges Vincent Danen (Apr 07)
- Re: CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges Josh Bressers (Apr 08)