Vulnerability Details CVE-2007-4098
Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.2%
CVSS Severity
CVSS v2 Score 5.8
References
- http://archives.seul.org/or/announce/Jul-2007/msg00000.html
- http://osvdb.org/46970
- http://secunia.com/advisories/26140
- http://www.securityfocus.com/bid/25035
- http://www.vupen.com/english/advisories/2007/2634
- http://archives.seul.org/or/announce/Jul-2007/msg00000.html
- http://osvdb.org/46970
- http://secunia.com/advisories/26140
- http://www.securityfocus.com/bid/25035
- http://www.vupen.com/english/advisories/2007/2634
Products affected by CVE-2007-4098
-
cpe:2.3:a:tor:tor:0.1.0.10
-
cpe:2.3:a:tor:tor:0.1.0.11
-
cpe:2.3:a:tor:tor:0.1.0.12
-
cpe:2.3:a:tor:tor:0.1.0.13
-
cpe:2.3:a:tor:tor:0.1.0.14
-
cpe:2.3:a:tor:tor:0.1.0.18
-
cpe:2.3:a:tor:tor:0.1.1.1_alpha
-
cpe:2.3:a:tor:tor:0.1.1.20
-
cpe:2.3:a:tor:tor:0.1.1.23
-
cpe:2.3:a:tor:tor:0.1.1.2_alpha
-
cpe:2.3:a:tor:tor:0.1.1.3_alpha
-
cpe:2.3:a:tor:tor:0.1.1.4_alpha
-
cpe:2.3:a:tor:tor:0.1.1.5_alpha
-
cpe:2.3:a:tor:tor:0.1.2.14
-
cpe:2.3:a:tor:tor:0.1.2.1_alpha-cvs