Olly 👾 (@Olly42) · 01/2024 · Toots: 173 · Followers: 18
Thu 09.05.2024 14:49
Over 50,000 Tinyproxy Servers vulnerable to critical RCE Flaw.
Nearly 52,000 internet-exposed Tinyproxy instances are vulnerable to CVE-2023-49606, a recently disclosed critical remote code execution (RCE) flaw. Tinyproxy is an open-source HTTP and HTTPS proxy server designed to be fast, small and lightweight. It is specifically tailored for UNIX-like operating systems.
http://talosintelligence.com/vulnerability_reports/TALOS-2023-1889
#tinyproxy #server #it #security #engineer #tech #news
Talos researchers explained in the report that the flaw occurs in the 'remove_connection_headers()' function, where specific HTTP headers (Connection and Proxy-Connection) are not correctly managed, leading to memory being freed and then incorrectly accessed again. This can be easily exploited with a simple malformed HTTP request (e.g., Connection: Connection) without requiring authentication.
[Figure: Location of vulnerable hosts. Source: Censys]
A majority of the publicly-accessible hosts are located in the U.S. (32,846), South Korea (18,358), China (7,808), France (5,208) and Germany (3,680).
Cisco warned at the time that despite its efforts to alert Tinyproxy's developers of the critical flaw, it received no response and no patch was available for users to download.
[Public] Replies: 0 Boosts: 3 Favs: 0 · via Metatext
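The post describes the trigger as a malformed request whose Connection header names a Connection-family header itself (e.g. "Connection: Connection"). The following is an added triage example, not Tinyproxy code or anything from the Talos report: it parses raw HTTP/1.x request headers and flags that self-referential shape for both header names the post mentions, Connection and Proxy-Connection. All sample requests are constructed.

```python
"""Flag HTTP requests whose Connection / Proxy-Connection header token list
names Connection or Proxy-Connection itself, the malformed shape the post
describes as the CVE-2023-49606 trigger. Added example for log/WAF triage;
not Tinyproxy's own code. Sample requests below are constructed."""

HOP_BY_HOP_LIST_HEADERS = {"connection", "proxy-connection"}


def parse_headers(raw_request: str) -> list[tuple[str, str]]:
    """Split a raw HTTP/1.x request into (name, value) header pairs.
    The request line is skipped; parsing stops at the blank line."""
    headers = []
    lines = raw_request.split("\r\n")
    for line in lines[1:]:
        if line == "":
            break
        if ":" not in line:
            continue  # header line without a separator: ignore it
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def self_referential_connection_tokens(raw_request: str) -> list[str]:
    """Return offending "header: token" strings for every Connection or
    Proxy-Connection header whose comma-separated token list names
    Connection or Proxy-Connection. An empty list means not suspicious."""
    offending = []
    for name, value in parse_headers(raw_request):
        if name not in HOP_BY_HOP_LIST_HEADERS:
            continue
        for token in value.split(","):
            token = token.strip().lower()
            if token in HOP_BY_HOP_LIST_HEADERS:
                offending.append(f"{name}: {token}")
    return offending


# Constructed sample requests (not captured traffic).
BENIGN = "GET / HTTP/1.1\r\nHost: proxy.example\r\nConnection: keep-alive\r\n\r\n"
MALFORMED = "GET / HTTP/1.1\r\nHost: proxy.example\r\nConnection: Connection\r\n\r\n"
MALFORMED_PROXY = ("GET / HTTP/1.1\r\nHost: proxy.example\r\n"
                   "Proxy-Connection: keep-alive, Proxy-Connection\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("malformed", MALFORMED),
                       ("malformed-proxy", MALFORMED_PROXY)):
        print(label, self_referential_connection_tokens(req))
```

The check is a heuristic for spotting the request shape in captured traffic or proxy logs; patching Tinyproxy remains the fix.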