CVE-2011-1499

Name: CVE-2011-1499
Creator: NVD / NIST
Published: 2011-04-29T22:55:00.937+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.75%

Last modified Jun 16, 2026

CVE-2011-1499 is a vulnerability of currently unknown severity. acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.. EPSS estimates a 1.75% chance of exploitation in the next 30 days.

Description

acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.

Metrics

EPSS Probability

1.75%

75.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-16

Affected Software

Vendor	Product	Versions
Banu	Tinyproxy	<= 1.8.2
Banu	Tinyproxy	1.5.0
Banu	Tinyproxy	1.5.1
Banu	Tinyproxy	1.5.2
Banu	Tinyproxy	1.5.3
Banu	Tinyproxy	1.6.0
Banu	Tinyproxy	1.6.1
Banu	Tinyproxy	1.6.2
Banu	Tinyproxy	1.6.3
Banu	Tinyproxy	1.6.4
Banu	Tinyproxy	1.6.5
Banu	Tinyproxy	1.7.0
Banu	Tinyproxy	1.7.1
Banu	Tinyproxy	1.8.0
Banu	Tinyproxy	1.8.1
Debian	Debian Linux	6.0

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493Issue Tracking, Patch
http://openwall.com/lists/oss-security/2011/04/07/9Mailing List, Third Party Advisory
http://openwall.com/lists/oss-security/2011/04/08/3Mailing List, Third Party Advisory
http://secunia.com/advisories/44274
http://www.debian.org/security/2011/dsa-2222Third Party Advisory
https://banu.com/bugzilla/show_bug.cgi?id=90Broken Link
https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=694658Issue Tracking, Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/67256
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493Issue Tracking, Patch
http://openwall.com/lists/oss-security/2011/04/07/9Mailing List, Third Party Advisory
http://openwall.com/lists/oss-security/2011/04/08/3Mailing List, Third Party Advisory
http://secunia.com/advisories/44274
http://www.debian.org/security/2011/dsa-2222Third Party Advisory
https://banu.com/bugzilla/show_bug.cgi?id=90Broken Link
https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=694658Issue Tracking, Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/67256

Timeline

Published: Apr 29, 2011
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2011-1499?

How severe is CVE-2011-1499?

Severity scoring for CVE-2011-1499 is pending analysis. The EPSS model estimates a 1.75% probability of exploitation in the next 30 days.

How do I fix CVE-2011-1499?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2011-1499?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST