Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution

2024-05-06 14:00

More than 50% of the 90,310 hosts have been found exposing a Tinyproxy service on the internet that's vulnerable to a critical unpatched security flaw in the HTTP/HTTPS proxy tool. The issue, tracked as CVE-2023-49606, carries a CVSS score of 9.8 out of a maximum of 10, per Cisco Talos, which described it as a use-after-free bug impacting versions 1.10.0 and 1.11.1, which is the

News URL

https://thehackernews.com/2024/05/critical-tinyproxy-flaw-opens-over.html

#codeexecution #critical #remote #CVE-2023-49606

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2024-05-01	CVE-2023-49606	A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. network low complexity CWE-416 critical	9.8

News URL

Related news

Related Vulnerability