Security News > 2024 > May > Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution
2024-05-06 14:00
More than 50% of the 90,310 hosts have been found exposing a Tinyproxy service on the internet that's vulnerable to a critical unpatched security flaw in the HTTP/HTTPS proxy tool. The issue, tracked as CVE-2023-49606, carries a CVSS score of 9.8 out of a maximum of 10, per Cisco Talos, which described it as a use-after-free bug impacting versions 1.10.0 and 1.11.1, which is the
News URL
https://thehackernews.com/2024/05/critical-tinyproxy-flaw-opens-over.html
Related news
- Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications (source)
- Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution (source)
- Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks (source)
- OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-01 | CVE-2023-49606 | A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. | 9.8 |