CVE-2012-3505

Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger hash collisions predictably. bucket.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685281
http://secunia.com/advisories/50278
http://secunia.com/advisories/51074
http://www.debian.org/security/2012/dsa-2564
http://www.openwall.com/lists/oss-security/2012/08/17/3
http://www.openwall.com/lists/oss-security/2012/08/18/1
http://www.securitytracker.com/id?1027412
https://banu.com/bugzilla/show_bug.cgi?id=110
https://banu.com/bugzilla/show_bug.cgi?id=110#c2
https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685281
http://secunia.com/advisories/50278
http://secunia.com/advisories/51074
http://www.debian.org/security/2012/dsa-2564
http://www.openwall.com/lists/oss-security/2012/08/17/3
http://www.openwall.com/lists/oss-security/2012/08/18/1
http://www.securitytracker.com/id?1027412
https://banu.com/bugzilla/show_bug.cgi?id=110
https://banu.com/bugzilla/show_bug.cgi?id=110#c2
https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:banu:tinyproxy::::::::
	cpe:2.3:a:banu:tinyproxy:1.5.0:::::::*
	cpe:2.3:a:banu:tinyproxy:1.5.0:pre1::::::
	cpe:2.3:a:banu:tinyproxy:1.5.0:pre2::::::
	cpe:2.3:a:banu:tinyproxy:1.5.0:pre3::::::
	cpe:2.3:a:banu:tinyproxy:1.5.0:pre4::::::
	cpe:2.3:a:banu:tinyproxy:1.5.0:pre5::::::
	cpe:2.3:a:banu:tinyproxy:1.5.0:pre6::::::
	cpe:2.3:a:banu:tinyproxy:1.5.0:rc1::::::
	cpe:2.3:a:banu:tinyproxy:1.5.0:rc10::::::
	cpe:2.3:a:banu:tinyproxy:1.5.0:rc2::::::
	cpe:2.3:a:banu:tinyproxy:1.5.0:rc4::::::
	cpe:2.3:a:banu:tinyproxy:1.5.0:rc5::::::
	cpe:2.3:a:banu:tinyproxy:1.5.0:rc6::::::
	cpe:2.3:a:banu:tinyproxy:1.5.0:rc7::::::
	cpe:2.3:a:banu:tinyproxy:1.5.0:rc8::::::
	cpe:2.3:a:banu:tinyproxy:1.5.0:rc9::::::
	cpe:2.3:a:banu:tinyproxy:1.5.1:::::::*
	cpe:2.3:a:banu:tinyproxy:1.5.1:pre1::::::
	cpe:2.3:a:banu:tinyproxy:1.5.1:pre2::::::
	cpe:2.3:a:banu:tinyproxy:1.5.1:pre3::::::
	cpe:2.3:a:banu:tinyproxy:1.5.1:pre4::::::
	cpe:2.3:a:banu:tinyproxy:1.5.1:pre5::::::
	cpe:2.3:a:banu:tinyproxy:1.5.1:pre6::::::
	cpe:2.3:a:banu:tinyproxy:1.5.1:rc1::::::
	cpe:2.3:a:banu:tinyproxy:1.5.1:rc2::::::
	cpe:2.3:a:banu:tinyproxy:1.5.1:rc3::::::
	cpe:2.3:a:banu:tinyproxy:1.5.1:rc4::::::
	cpe:2.3:a:banu:tinyproxy:1.5.2:::::::*
	cpe:2.3:a:banu:tinyproxy:1.5.2:rc1::::::
	cpe:2.3:a:banu:tinyproxy:1.5.2:rc2::::::
	cpe:2.3:a:banu:tinyproxy:1.5.3:::::::*
	cpe:2.3:a:banu:tinyproxy:1.5.3:rc1::::::
	cpe:2.3:a:banu:tinyproxy:1.6.0:::::::*
	cpe:2.3:a:banu:tinyproxy:1.6.0:a::::::
	cpe:2.3:a:banu:tinyproxy:1.6.0:pre1::::::
	cpe:2.3:a:banu:tinyproxy:1.6.0:pre2::::::
	cpe:2.3:a:banu:tinyproxy:1.6.0:pre3::::::
	cpe:2.3:a:banu:tinyproxy:1.6.0:pre4::::::
	cpe:2.3:a:banu:tinyproxy:1.6.0:rc1::::::
	cpe:2.3:a:banu:tinyproxy:1.6.0:rc2::::::
	cpe:2.3:a:banu:tinyproxy:1.6.0:rc3::::::
	cpe:2.3:a:banu:tinyproxy:1.6.1:::::::*
	cpe:2.3:a:banu:tinyproxy:1.6.2:::::::*
	cpe:2.3:a:banu:tinyproxy:1.6.3:::::::*
	cpe:2.3:a:banu:tinyproxy:1.6.4:::::::*
	cpe:2.3:a:banu:tinyproxy:1.6.5:::::::*
	cpe:2.3:a:banu:tinyproxy:1.7.0:::::::*
	cpe:2.3:a:banu:tinyproxy:1.7.1:::::::*
	cpe:2.3:a:banu:tinyproxy:1.8.0:::::::*
	cpe:2.3:a:banu:tinyproxy:1.8.1:::::::*
	cpe:2.3:a:banu:tinyproxy:1.8.2:::::::*

History

21 Nov 2024, 01:41

Type	Values Removed	Values Added
References	~~() http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685281 -~~	() http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685281 -
References	~~() http://secunia.com/advisories/50278 -~~	() http://secunia.com/advisories/50278 -
References	~~() http://secunia.com/advisories/51074 -~~	() http://secunia.com/advisories/51074 -
References	~~() http://www.debian.org/security/2012/dsa-2564 -~~	() http://www.debian.org/security/2012/dsa-2564 -
References	~~() http://www.openwall.com/lists/oss-security/2012/08/17/3 -~~	() http://www.openwall.com/lists/oss-security/2012/08/17/3 -
References	~~() http://www.openwall.com/lists/oss-security/2012/08/18/1 -~~	() http://www.openwall.com/lists/oss-security/2012/08/18/1 -
References	~~() http://www.securitytracker.com/id?1027412 -~~	() http://www.securitytracker.com/id?1027412 -
References	~~() https://banu.com/bugzilla/show_bug.cgi?id=110 -~~	() https://banu.com/bugzilla/show_bug.cgi?id=110 -
References	~~() https://banu.com/bugzilla/show_bug.cgi?id=110#c2 -~~	() https://banu.com/bugzilla/show_bug.cgi?id=110#c2 -
References	~~() https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985 -~~	() https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985 -

07 Nov 2023, 02:11

Type	Values Removed	Values Added
Summary	Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger hash collisions predictably. bucket.	Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger hash collisions predictably. bucket.

Information

Published : 2012-10-09 23:55

Updated : 2024-11-21 01:41

NVD link : CVE-2012-3505

Mitre link : CVE-2012-3505

CVE.ORG link : CVE-2012-3505

JSON object : View

Products Affected

banu

tinyproxy

CWE

CWE-310

Cryptographic Issues

5.0 /10