Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-4174 TOR vulnerability

CWE-264 | 7 documents | 6 sources
Severity: 5.8 MEDIUM (NVD)
EPSS: 19.1% (top 4.64%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Aug 7
Latest update: May 1

Description

Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node.

CVSS vector

AV:N/AC:M/C:P/I:P/A:N
Exploitability: 8.6 | Impact: 4.9

Affected Packages (2 packages)

Debian | torproject/tor | < 0.1.2.16-1 | +3
NVD | tor/tor | 0.1.2.15 | +14

🔴 Vulnerability Details (3)

GHSA | GHSA-qprc-v4xr-fwgr: Tor before 0 | 2022-05-01
OSV | CVE-2007-4174: Tor before 0 | 2007-08-07
CVEList | CVE-2007-4174: Tor before 0 | 2007-08-07

💥 Exploits & PoCs (2)

Exploit-DB | Tor < 0.1.2.16 - ControlPort Remote Rewrite | 2007-09-29
Exploit-DB | Tor 0.1.2.15 - ControlPort Missing Authentication Unauthorized Access | 2007-08-02

📋 Vendor Advisories (1)

Debian | CVE-2007-4174: tor - Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict com... | 2007