Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2007-4174

Опубликовано: 07 авг. 2007
Источник: nvd
CVSS2: 5.8
EPSS Средний

Описание

Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:tor:tor:*:*:*:*:*:*:*:*
Версия до 0.1.2.15 (включая)
cpe:2.3:a:tor:tor:0.1.2.1:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.1.2.3:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.1.2.5:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.1.2.6:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.1.2.7:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.1.2.8:beta:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.1.2.11:*:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.1.2.12:*:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.1.2.13:*:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.1.2.14:*:*:*:*:*:*:*

EPSS

Процентиль: 95%
0.16538
Средний

5.8 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

ubuntu логотип

CVE-2007-4174

ubuntu
около 18 лет назад

Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node.

debian логотип

CVE-2007-4174

debian
около 18 лет назад

Tor before 0.1.2.16, when ControlPort is enabled, does not properly re ...

github логотип

GHSA-qprc-v4xr-fwgr

github
больше 3 лет назад

Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node.

EPSS

Процентиль: 95%
0.16538
Средний

5.8 Medium

CVSS2

Дефекты

CWE-264