[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-5117Date: (C)2014-08-06   (M)2023-12-22


Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.8
Exploit Score: 8.6
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECUNIA-60084
SECUNIA-60647
https://lists.torproject.org/pipermail/tor-announce/2014-July/000093.html
https://lists.torproject.org/pipermail/tor-announce/2014-July/000094.html
https://lists.torproject.org/pipermail/tor-talk/2014-July/034180.html
https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack
https://trac.torproject.org/projects/tor/ticket/1038

CPE    123
cpe:/a:torproject:tor:0.2.3.23:rc
cpe:/a:torproject:tor:0.2.4.2:alpha
cpe:/a:torproject:tor:0.2.4.19
cpe:/a:torproject:tor:0.2.4.16:rc
...
OVAL    5
oval:org.secpod.oval:def:108596
oval:org.secpod.oval:def:107335
oval:org.secpod.oval:def:107354
oval:org.secpod.oval:def:108730
...

© SecPod Technologies