NVD

Id
32895  
Name
CVE-2014-5117  
Description
Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names.  
Reject
 
CVSS Version
2  
CVSS Score
5.8  
Severity
Medium  
CVSS Base Score
5.8  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:N)  
Pub Date
2017-01-19  
Published
2014-07-30  
Modified Date
2017-01-06  
Seq
2014-5117  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
172710 32895 CVE-2014-5117 60084  View
172711 32895 CVE-2014-5117 60647  View
172712 32895 CVE-2014-5117 https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack  View
172713 32895 CVE-2014-5117 [tor-announce] 20140730 Tor 0.2.4.23 is released  View
172714 32895 CVE-2014-5117 [tor-announce] 20140730 Tor security advisory: "relay early" traffic confirmation attack  View
172715 32895 CVE-2014-5117 [tor-talk] 20140730 Tor 0.2.5.6-alpha is out  View
172716 32895 CVE-2014-5117 https://trac.torproject.org/projects/tor/ticket/1038  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
14762 JVNDB-2014-003637 Tor における疎通確認攻撃を実行される脆弱性 Tor は、インバウンドの RELAY_EARLY セルがクライアントに受信された後、回路を保持するため、疎通確認攻撃 (traffic-confirmation attack) を実行される脆弱性が存在します。 CVE-2014-5117 72406 CVE-2014-5117 32895 5.8 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-003637.html 2014-07-30 2014-08-06 View