NVD

Id
56305  
Name
CVE-2007-4174  
Description
Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node.  
Reject
 
CVSS Version
2  
CVSS Score
5.8  
Severity
Medium  
CVSS Base Score
5.8  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:N)  
Pub Date
2017-01-07  
Published
2007-08-07  
Modified Date
2011-03-17  
Seq
2007-4174  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
286762 56305 CVE-2007-4174 [or-announce] 20070802 Tor 0.1.2.16 is released  View
286763 56305 CVE-2007-4174 [or-announce] 20070901 Tor security advisory: cross-protocol http form attack  View
286764 56305 CVE-2007-4174 25188  View
286765 56305 CVE-2007-4174 1018510  View
286766 56305 CVE-2007-4174 ADV-2007-2768  View
286767 56305 CVE-2007-4174 tor-controlport-security-bypass(35784)  View
286768 56305 CVE-2007-4174 tor-control-command-execution(36407)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
57247 JVNDB-2007-005939 Tor における torrc 設定ファイルを変更される脆弱性 Tor は、制御ポートが有効になっている際、localhost ポート 9051 へのコマンドを適切に制限しないため、torrc 設定ファイルを変更される、および匿名性を侵害される脆弱性が存在します。 CVE-2007-4174 27529 CVE-2007-4174 56305 5.8 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-005939.html 2007-08-07 2012-12-20 View