CVE-2011-4896 — Sensitive Information Exposure in TOR

CWE-200 — Sensitive Information Exposure8 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 51.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Torproject TOR TOR

Timeline

PublishedDec 23

Latest updateMay 17

Description

Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previously configured but is not currently configured, which might allow remote attackers to obtain sensitive information about clients in opportunistic circumstances by monitoring network traffic to the bridge port.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶Debiantorproject/tor< 0.2.2.27-beta-1+3

▶NVDtor/tor0.2.2.23+202

🔴Vulnerability Details

GHSA

GHSA-89m8-4ff5-r928: Tor before 0↗2022-05-17

▶

CVEList

CVE-2011-4896: Tor before 0↗2011-12-23

▶

OSV

CVE-2011-4896: Tor before 0↗2011-12-23

▶

📋Vendor Advisories

Debian

CVE-2011-4896: tor - Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previousl...↗2011

▶

💬Community

Bugzilla

CVE-2011-4894 CVE-2011-4895 CVE-2011-4896 tor various flaws [fedora-all]↗2012-01-03

▶

Bugzilla

CVE-2011-4894 CVE-2011-4895 CVE-2011-4896 tor various flaws [epel-all]↗2012-01-03

▶

Bugzilla

CVE-2011-4896 Tor Bridge information disclosure↗2011-12-23

▶