CVE-2012-3505

Published: 09/10/2012 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Tinyproxy 1.8.3 and previous versions allows remote malicious users to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger hash collisions predictably. bucket.

Vulnerable Product	Search on Vulmon	Subscribe to Product
banu tinyproxy 1.7.1
banu tinyproxy 1.6.0
banu tinyproxy 1.5.0
banu tinyproxy 1.5.2
banu tinyproxy 1.6.5
banu tinyproxy
banu tinyproxy 1.5.1
banu tinyproxy 1.5.3
banu tinyproxy 1.6.1
banu tinyproxy 1.6.4
banu tinyproxy 1.8.2
banu tinyproxy 1.7.0
banu tinyproxy 1.8.0
banu tinyproxy 1.6.2
banu tinyproxy 1.6.3
banu tinyproxy 1.8.1

Debian Bug report logs - #685281 denial of service via many headers Package: tinyproxy; Maintainer for tinyproxy is Mike Gabriel <sunweaver@debianorg>; Source for tinyproxy is src:tinyproxy (PTS, buildd, popcon) Reported by: Thijs Kinkhorst <thijs@debianorg> Date: Sun, 19 Aug 2012 09:45:04 UTC Severity: serious Ta ...

gpernot discovered that Tinyproxy, a HTTP proxy, is vulnerable to a denial of service by remote attackers by sending crafted request headers For the stable distribution (squeeze), this problem has been fixed in version 182-1squeeze3 For the testing distribution (wheezy), this problem has been fixed in version 183-3 For the unstable distribut ...

CWE-310 http://www.openwall.com/lists/oss-security/2012/08/18/1 http://www.openwall.com/lists/oss-security/2012/08/17/3 https://banu.com/bugzilla/show_bug.cgi?id=110#c2 http://secunia.com/advisories/51074 https://banu.com/bugzilla/show_bug.cgi?id=110 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685281 https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985 http://secunia.com/advisories/50278 http://www.debian.org/security/2012/dsa-2564 http://www.securitytracker.com/id?1027412 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685281 https://nvd.nist.gov https://www.debian.org/security/./dsa-2564

CVE-2012-3505

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect