5.8

CVE-2007-4174

Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TorTor Version <= 0.1.2.15
TorTor Version0.1.2.1 Updatealpha
TorTor Version0.1.2.2
TorTor Version0.1.2.3 Updatealpha
TorTor Version0.1.2.4
TorTor Version0.1.2.5
TorTor Version0.1.2.5 Updatealpha
TorTor Version0.1.2.6 Updatealpha
TorTor Version0.1.2.7 Updatealpha
TorTor Version0.1.2.8 Updatebeta
TorTor Version0.1.2.9
TorTor Version0.1.2.10
TorTor Version0.1.2.11
TorTor Version0.1.2.12
TorTor Version0.1.2.13
TorTor Version0.1.2.14
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.21% 0.926
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://archives.seul.org/or/announce/Aug-2007/msg00000.html
http://archives.seul.org/or/announce/Sep-2007/msg00000.html
http://osvdb.org/36271
http://secunia.com/advisories/26301
Vendor Advisory
http://www.securityfocus.com/bid/25188
http://www.securitytracker.com/id?1018510
http://www.vupen.com/english/advisories/2007/2768
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/35784
https://exchange.xforce.ibmcloud.com/vulnerabilities/36407