Vulnerability Details CVE-2007-4099
Tor before 0.1.2.15 can select a guard node beyond the first listed never-before-connected-to guard node, which allows remote attackers with control of certain guard nodes to obtain sensitive information and possibly leverage further attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.4%
CVSS Severity
CVSS v2 Score 5.8
References
- http://archives.seul.org/or/announce/Jul-2007/msg00000.html
- http://osvdb.org/46971
- http://secunia.com/advisories/26140
- http://www.securityfocus.com/bid/25035
- http://www.vupen.com/english/advisories/2007/2634
- http://archives.seul.org/or/announce/Jul-2007/msg00000.html
- http://osvdb.org/46971
- http://secunia.com/advisories/26140
- http://www.securityfocus.com/bid/25035
- http://www.vupen.com/english/advisories/2007/2634
Products affected by CVE-2007-4099
-
cpe:2.3:a:tor:tor:0.1.0.10
-
cpe:2.3:a:tor:tor:0.1.0.11
-
cpe:2.3:a:tor:tor:0.1.0.12
-
cpe:2.3:a:tor:tor:0.1.0.13
-
cpe:2.3:a:tor:tor:0.1.0.14
-
cpe:2.3:a:tor:tor:0.1.0.18
-
cpe:2.3:a:tor:tor:0.1.1.1_alpha
-
cpe:2.3:a:tor:tor:0.1.1.20
-
cpe:2.3:a:tor:tor:0.1.1.23
-
cpe:2.3:a:tor:tor:0.1.1.2_alpha
-
cpe:2.3:a:tor:tor:0.1.1.3_alpha
-
cpe:2.3:a:tor:tor:0.1.1.4_alpha
-
cpe:2.3:a:tor:tor:0.1.1.5_alpha
-
cpe:2.3:a:tor:tor:0.1.2.14
-
cpe:2.3:a:tor:tor:0.1.2.1_alpha-cvs