|
|
CVE Reference: CVE-2007-4174 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-4174 |
|
|
Description: Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/35784 http://xforce.iss.net/xforce/xfdb/36407 ST 1018510 SAID Secunia Advisory: SA26301 OSVDB 36271 MLIST http://archives.seul.org/or/announce/Sep-2007/msg00000.html http://archives.seul.org/or/announce/Aug-2007/msg00000.html BID 25188 |
|
| Return to the previous page. |
