2.1

CVE-2010-0384

EPSS 0.06%
Veröffentlicht 25.01.2010 19:30:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory mirror, does not prevent logging of the client IP address upon detection of erroneous client behavior, which might make it easier for local users to discover the identities of clients in opportunistic circumstances by reading log files.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tor ≫ Tor Version0.2.2.1

Tor ≫ Tor Version0.2.2.1 Updatealpha

Tor ≫ Tor Version0.2.2.2

Tor ≫ Tor Version0.2.2.2 Updatealpha

Tor ≫ Tor Version0.2.2.3

Tor ≫ Tor Version0.2.2.3 Updatealpha

Tor ≫ Tor Version0.2.2.4

Tor ≫ Tor Version0.2.2.4 Updatealpha

Tor ≫ Tor Version0.2.2.5

Tor ≫ Tor Version0.2.2.5 Updatealpha

Tor ≫ Tor Version0.2.2.6

Tor ≫ Tor Version0.2.2.6 Updatealpha

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.146

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://archives.seul.org/or/talk/Jan-2010/msg00162.html

https://nvd.nist.gov/vuln/detail/CVE-2010-0384

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-0384

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-0384

EUVD