CVE-2007-4099 — TOR vulnerability

5 documents5 sources

Severity

5.8MEDIUMNVD

EPSS

1.0%

top 23.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Torproject TOR TOR

Timeline

PublishedJul 30

Latest updateMay 1

Description

Tor before 0.1.2.15 can select a guard node beyond the first listed never-before-connected-to guard node, which allows remote attackers with control of certain guard nodes to obtain sensitive information and possibly leverage further attacks.

CVSS vector

AV:N/AC:M/C:P/I:N/A:PExploitability: 8.6 | Impact: 4.9

Affected Packages2 packages

▶Debiantorproject/tor< 0.1.2.15-1+3

▶NVDtor/tor15 versions+14

Patches

Patch: archives.seul.org ↗Patch: secunia.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-hvww-3pcr-wpmj: Tor before 0↗2022-05-01

▶

CVEList

CVE-2007-4099: Tor before 0↗2007-07-30

▶

OSV

CVE-2007-4099: Tor before 0↗2007-07-30

▶

📋Vendor Advisories

Debian

CVE-2007-4099: tor - Tor before 0.1.2.15 can select a guard node beyond the first listed never-before...↗2007

▶