NVD

Id
28167  
Name
CVE-2015-7665  
Description
Tails before 1.7 includes the wget program but does not prevent automatic fallback from passive FTP to active FTP, which allows remote FTP servers to discover the Tor client IP address by reading a (1) PORT or (2) EPRT command. NOTE: within wget itself, the automatic fallback is not considered a vulnerability by CVE.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-19  
Published
2015-12-27  
Modified Date
2016-11-28  
Seq
2015-7665  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
148120 28167 CVE-2015-7665 http://git.savannah.gnu.org/cgit/wget.git/commit/?id=075d7556964f5a871a73c22ac4b69f5361295099  View
148121 28167 CVE-2015-7665 [oss-security] 20151001 Re: CVE request for wget  View
148122 28167 CVE-2015-7665 76678  View
148123 28167 CVE-2015-7665 https://labs.riseup.net/code/issues/10364  View
148124 28167 CVE-2015-7665 [bug-wget] 20150810 FTP PORT command code in v1.16.3?  View
148125 28167 CVE-2015-7665 [tails-dev] 20150813 [Bug-wget] Wget Sending Original IP !!  View
148126 28167 CVE-2015-7665 [tails-dev] 20151002 [Bug-wget] Wget Sending Original IP !!  View
148127 28167 CVE-2015-7665 https://tails.boum.org/news/version_1.7/index.en.html  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
11233 JVNDB-2015-006553 Tails における Tor クライアントの IP アドレスを取得される脆弱性 Tails は、wget プログラムを含むが、パッシブ FTP からアクティブ FTP への自動フォールバックを適切に制限しないため、Tor クライアントの IP アドレスを取得される脆弱性が存在します。 CVE-2015-7665 84890 CVE-2015-7665 28167 5 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-006553.html 2015-11-03 2016-01-04 View