CVE-2015-7665

EPSS 1.6%
Veröffentlicht 27.12.2015 19:59:02
Zuletzt bearbeitet 06.05.2026 22:30:45
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Tails before 1.7 includes the wget program but does not prevent automatic fallback from passive FTP to active FTP, which allows remote FTP servers to discover the Tor client IP address by reading a (1) PORT or (2) EPRT command.  NOTE: within wget itself, the automatic fallback is not considered a vulnerability by CVE.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 11

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tails Project ≫ Tails Version <= 1.6

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.6%	0.727

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://git.savannah.gnu.org/cgit/wget.git/commit/?id=075d7556964f5a871a73c22ac4b69f5361295099

http://www.openwall.com/lists/oss-security/2015/10/01/10

http://www.securityfocus.com/bid/76678

https://labs.riseup.net/code/issues/10364

https://lists.gnu.org/archive/html/bug-wget/2015-08/msg00020.html

https://mailman.boum.org/pipermail/tails-dev/2015-August/009370.html

https://mailman.boum.org/pipermail/tails-dev/2015-October/009591.html

https://tails.boum.org/news/version_1.7/index.en.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-7665

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-7665

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-7665

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2015-7665