mastodonien.de

nerdculture.de

Time                     Users    Delta   Toots        TNR     Title                     Version  maxTL
Thu 09.05.2024 00:00:13     7.197       0      579.360    80,5 NerdCulture               4.2.8      500
Wed 08.05.2024 00:00:12     7.197      -2      578.822    80,4 NerdCulture               4.2.8      500
Tue 07.05.2024 00:00:20     7.199      +1      578.180    80,3 NerdCulture               4.2.8      500
Mon 06.05.2024 00:00:12     7.198       0      577.581    80,2 NerdCulture               4.2.8      500
Sun 05.05.2024 00:00:12     7.198       0      577.115    80,2 NerdCulture               4.2.8      500
Sat 04.05.2024 00:00:14     7.198      -1      576.511    80,1 NerdCulture               4.2.8      500
Fri 03.05.2024 00:00:10     7.199      +1      576.046    80,0 NerdCulture               4.2.8      500
Thu 02.05.2024 00:00:10     7.198      +1      575.644    80,0 NerdCulture               4.2.8      500
Wed 01.05.2024 00:00:24     7.197       0      575.080    79,9 NerdCulture               4.2.8      500
Tue 30.04.2024 00:00:14     7.197       0      574.573    79,8 NerdCulture               4.2.8      500

Thu 09.05.2024 14:49

Over 50,000 Tinyproxy Servers vulnerable to critical RCE Flaw.

Nearly 52,000 internet-exposed Tinyproxy instances are vulnerable to CVE-2023-49606, a recently disclosed critical remote code execution (RCE) flaw. Tinyproxy is an open-source HTTP and HTTPS proxy server designed to be fast, small and lightweight. It is specifically tailored for UNIX-like operating systems.

talosintelligence.com/vulnerab

Talos researchers explained in the report that the flaw occurs in the 'remove_connection_headers()' function, where specific HTTP headers (Connection and Proxy-Connection) are not correctly managed, leading to memory being freed and then incorrectly accessed again. This can be easily exploited with a simple malformed HTTP request (e.g., Connection: Connection) without requiring authentication.

Location of vulnerable hosts
[Source: Censys]

A majority of the publicly-accessible hosts are located in the U.S. (32,846), South Korea (18,358), China (7,808), France (5,208) and Germany (3,680).

Cisco warned at the time that despite its efforts to alert Tinyproxy's developers of the critical flaw, it received no response and no patch was available for users to download.

[Public] Replies: 0 Boosts: 3 Favs: 0 · via Metatext
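
A defender-side check for the request shape the post describes, as an added example that is not part of the original post or of Tinyproxy: it flags requests whose Connection or Proxy-Connection header lists a hop-by-hop header name as one of its tokens. Covering both header names and comma- or whitespace-separated tokens is an assumption that generalises the single `Connection: Connection` case; the function names and sample requests are constructed.

```python
import re

# Headers whose value is a token list naming other headers to strip.
HOP_HEADERS = {"connection", "proxy-connection"}
# Assumption: tokens are separated by commas and/or whitespace.
TOKEN_SPLIT = re.compile(r"[,\s]+")


def parse_headers(raw: bytes):
    """Return lower-cased (name, value) pairs from a raw HTTP request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def self_referencing_hop_headers(raw: bytes):
    """List hop-by-hop headers whose token list names a hop-by-hop header."""
    findings = []
    for name, value in parse_headers(raw):
        if name not in HOP_HEADERS:
            continue
        tokens = {t.lower() for t in TOKEN_SPLIT.split(value) if t}
        hits = sorted(tokens & HOP_HEADERS)
        if hits:
            findings.append((name, hits))
    return findings


# Constructed sample requests (not captured traffic).
BENIGN = (b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n"
          b"Connection: keep-alive\r\n\r\n")
SUSPECT = (b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n"
           b"Connection: Connection\r\n\r\n")
MIXED = (b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n"
         b"Proxy-Connection: keep-alive, CONNECTION\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("suspect", SUSPECT), ("mixed", MIXED)):
        print(label, self_referencing_hop_headers(req))
```

The same predicate can be applied in a reverse proxy or WAF rule placed in front of a Tinyproxy instance to reject such requests before they reach it.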
