5.3

CVE-2015-7665

EPSS 0.48%
Veröffentlicht 27.12.2015 19:59:02
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Tails before 1.7 includes the wget program but does not prevent automatic fallback from passive FTP to active FTP, which allows remote FTP servers to discover the Tor client IP address by reading a (1) PORT or (2) EPRT command.  NOTE: within wget itself, the automatic fallback is not considered a vulnerability by CVE.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tails Project ≫ Tails Version <= 1.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.48%	0.639

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://git.savannah.gnu.org/cgit/wget.git/commit/?id=075d7556964f5a871a73c22ac4b69f5361295099

http://www.openwall.com/lists/oss-security/2015/10/01/10

http://www.securityfocus.com/bid/76678

https://labs.riseup.net/code/issues/10364

https://lists.gnu.org/archive/html/bug-wget/2015-08/msg00020.html

https://mailman.boum.org/pipermail/tails-dev/2015-August/009370.html

https://mailman.boum.org/pipermail/tails-dev/2015-October/009591.html

https://tails.boum.org/news/version_1.7/index.en.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-7665

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-7665

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-7665

EUVD