CVE
CVE-2007-4174
Date: (C)2007-08-07   (M)2023-12-22


Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.8
Exploit Score: 8.6
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1018510
BID-25188
SECUNIA-26301
OSVDB-36271
ADV-2007-2768
http://archives.seul.org/or/announce/Aug-2007/msg00000.html
http://archives.seul.org/or/announce/Sep-2007/msg00000.html
tor-control-command-execution(36407)
tor-controlport-security-bypass(35784)

CPE    1
cpe:/a:tor:tor
CWE    1
CWE-264

© SecPod Technologies