7.5
CVE-2017-0377
- EPSS 0.48%
- Veröffentlicht 02.07.2017 15:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle security@debian.org
- CVE-Watchlists
- Unerledigt
LoginTor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Torproject ≫ Tor Version0.3.0.1 Updatealpha
Torproject ≫ Tor Version0.3.0.2 Updatealpha
Torproject ≫ Tor Version0.3.0.3 Updatealpha
Torproject ≫ Tor Version0.3.0.4
Torproject ≫ Tor Version0.3.0.5
Torproject ≫ Tor Version0.3.0.6
Torproject ≫ Tor Version0.3.0.7
Torproject ≫ Tor Version0.3.0.8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.48% | 0.62 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.