1. CVE-Search
  2. CVE-2007-4098
ID CVE-2007-4098
Summary Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams.
References
Vulnerable Configurations
  • cpe:2.3:a:tor:tor:0.1.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:tor:tor:0.1.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:tor:tor:0.1.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:tor:tor:0.1.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:tor:tor:0.1.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:tor:tor:0.1.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:tor:tor:0.1.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:tor:tor:0.1.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:tor:tor:0.1.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:tor:tor:0.1.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:tor:tor:0.1.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:tor:tor:0.1.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:tor:tor:0.1.1.1_alpha:*:*:*:*:*:*:*
    cpe:2.3:a:tor:tor:0.1.1.1_alpha:*:*:*:*:*:*:*
  • cpe:2.3:a:tor:tor:0.1.1.2_alpha:*:*:*:*:*:*:*
    cpe:2.3:a:tor:tor:0.1.1.2_alpha:*:*:*:*:*:*:*
  • cpe:2.3:a:tor:tor:0.1.1.3_alpha:*:*:*:*:*:*:*
    cpe:2.3:a:tor:tor:0.1.1.3_alpha:*:*:*:*:*:*:*
  • cpe:2.3:a:tor:tor:0.1.1.4_alpha:*:*:*:*:*:*:*
    cpe:2.3:a:tor:tor:0.1.1.4_alpha:*:*:*:*:*:*:*
  • cpe:2.3:a:tor:tor:0.1.1.5_alpha:*:*:*:*:*:*:*
    cpe:2.3:a:tor:tor:0.1.1.5_alpha:*:*:*:*:*:*:*
  • cpe:2.3:a:tor:tor:0.1.1.20:*:*:*:*:*:*:*
    cpe:2.3:a:tor:tor:0.1.1.20:*:*:*:*:*:*:*
  • cpe:2.3:a:tor:tor:0.1.1.23:*:*:*:*:*:*:*
    cpe:2.3:a:tor:tor:0.1.1.23:*:*:*:*:*:*:*
  • cpe:2.3:a:tor:tor:0.1.2.1_alpha-cvs:*:*:*:*:*:*:*
    cpe:2.3:a:tor:tor:0.1.2.1_alpha-cvs:*:*:*:*:*:*:*
  • cpe:2.3:a:tor:tor:0.1.2.14:*:*:*:*:*:*:*
    cpe:2.3:a:tor:tor:0.1.2.14:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 08-03-2011 - 02:57)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:P
refmap via4
bid 25035
mlist [or-announce] 20070723 Tor 0.1.2.15 is released
osvdb 46970
secunia 26140
vupen ADV-2007-2634
Last major update 08-03-2011 - 02:57
Published 30-07-2007 - 21:17
Last modified 08-03-2011 - 02:57
Back to Top