Vulnerability Details CVE-2007-4097
Tor before 0.1.2.15 sends "destroy cells" containing the reason for tearing down a circuit, which allows remote attackers to obtain sensitive information, contrary to specifications.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.2%
CVSS Severity
CVSS v2 Score 6.4
References
- http://archives.seul.org/or/announce/Jul-2007/msg00000.html
- http://osvdb.org/46969
- http://secunia.com/advisories/26140
- http://www.securityfocus.com/bid/25035
- http://www.vupen.com/english/advisories/2007/2634
- http://archives.seul.org/or/announce/Jul-2007/msg00000.html
- http://osvdb.org/46969
- http://secunia.com/advisories/26140
- http://www.securityfocus.com/bid/25035
- http://www.vupen.com/english/advisories/2007/2634
Products affected by CVE-2007-4097
-
cpe:2.3:a:tor:tor:0.1.0.10
-
cpe:2.3:a:tor:tor:0.1.0.11
-
cpe:2.3:a:tor:tor:0.1.0.12
-
cpe:2.3:a:tor:tor:0.1.0.13
-
cpe:2.3:a:tor:tor:0.1.0.14
-
cpe:2.3:a:tor:tor:0.1.0.18
-
cpe:2.3:a:tor:tor:0.1.1.1_alpha
-
cpe:2.3:a:tor:tor:0.1.1.20
-
cpe:2.3:a:tor:tor:0.1.1.23
-
cpe:2.3:a:tor:tor:0.1.1.2_alpha
-
cpe:2.3:a:tor:tor:0.1.1.3_alpha
-
cpe:2.3:a:tor:tor:0.1.1.4_alpha
-
cpe:2.3:a:tor:tor:0.1.1.5_alpha
-
cpe:2.3:a:tor:tor:0.1.2.14
-
cpe:2.3:a:tor:tor:0.1.2.1_alpha-cvs