Tinyproxy
CVE-2012-3505
MEDIUM
Severity by source
AV:N/AC:L/Au:N/C:N/I:N/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:N/C:N/I:N/A:P
Lifecycle Timeline
1DescriptionCVE.org
Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger hash collisions predictably. bucket.
AnalysisAI
Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-310. Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger hash collisions predictably. bucket. Affected products include: Banu Tinyproxy.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used.
Tinyproxy through 1.11.2 contains an integer overflow vulnerability in the strip_return_port() function within src/reqs.
HTTP request smuggling in Tinyproxy through 1.11.3 allows remote unauthenticated attackers to desynchronize the proxy an
HTTP request smuggling in Tinyproxy through 1.11.3 lets remote unauthenticated attackers desynchronize the proxy and bac
Authentication bypass in Tinyproxy through 1.11.3 lets unauthenticated remote attackers reach the internal statistics pa
main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-roo
Same weakness CWE-310 – Cryptographic Issues
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today