Critical Bug Could Open 50K+ Tinyproxy Servers to DoS, RCE
Patch now: CVE-2023-49606 in the open source, small-footprint proxy server can potentially lead to remote code execution.
Proxy servers can mask network origins, filter traffic, and create security risks when attackers abuse them for evasion or unauthorized access.
Search across headline titles and summaries.
Background for this topic.
A proxy is an intermediary that sends requests to a destination and returns responses, so the client and destination do not communicate directly. A forward proxy represents users or systems making outbound connections; a reverse proxy represents an application or service to inbound clients and may route traffic, terminate TLS, or enforce authentication. This tag generally concerns these network components, not browser-based privacy tools alone.
Security depends heavily on configuration and trust boundaries. A forward proxy can enforce egress policy and provide useful logs, but an exposed or misconfigured one may permit unauthorized relaying, while proxy logs can reveal sensitive browsing or business activity. TLS inspection requires controlled certificate deployment and careful handling of decrypted traffic. Reverse proxies reduce direct exposure of back-end services, but access controls must not rely solely on them, and forwarded client-IP headers must be trusted only from known proxies. During investigations, proxy logs help reconstruct connections, but shared addresses and address translation can complicate attribution.
Patch now: CVE-2023-49606 in the open source, small-footprint proxy server can potentially lead to remote code execution.
More than 50% of the 90,310 hosts have been found exposing a Tinyproxy service on the internet that's vulnerable to a critical unpatched security flaw in the HTTP/HTTPS proxy tool