Lucene search

MitreCVE-2006-3418

HistoryJul 07, 2006 - 12:05 a.m.

CVE-2006-3418

2006-07-0700:05:00

mitre

web.nvd.nist.gov

cve-2006-3418

tor

server descriptor

fingerprint spoofing

vulnerability

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.007

Percentile

80.7%

JSON

Tor before 0.1.1.20 does not validate that a server descriptor’s fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications.

Affected configurations

Nvd

Node

tortorMatch0.0.2

tortorMatch0.0.2_pre13

tortorMatch0.0.2_pre14

tortorMatch0.0.2_pre15

tortorMatch0.0.2_pre16

tortorMatch0.0.2_pre17

tortorMatch0.0.2_pre18

tortorMatch0.0.2_pre19

tortorMatch0.0.2_pre20

tortorMatch0.0.2_pre21

tortorMatch0.0.2_pre22

tortorMatch0.0.2_pre23

tortorMatch0.0.2_pre24

tortorMatch0.0.2_pre25

tortorMatch0.0.2_pre26

tortorMatch0.0.2_pre27

tortorMatch0.0.3

tortorMatch0.0.4

tortorMatch0.0.5

tortorMatch0.0.6

tortorMatch0.0.6.1

tortorMatch0.0.6.2

tortorMatch0.0.7

tortorMatch0.0.7.1

tortorMatch0.0.7.2

tortorMatch0.0.7.3

tortorMatch0.0.8

tortorMatch0.0.8.1

tortorMatch0.0.9

tortorMatch0.0.9.1

tortorMatch0.0.9.2

tortorMatch0.0.9.3

tortorMatch0.0.9.4

tortorMatch0.0.9.5

tortorMatch0.0.9.6

tortorMatch0.0.9.7

tortorMatch0.0.9.8

tortorMatch0.0.9.9

tortorMatch0.0.9.10

tortorMatch0.1.0.1

tortorMatch0.1.0.2

tortorMatch0.1.0.3

tortorMatch0.1.0.4

tortorMatch0.1.0.5

tortorMatch0.1.0.6

tortorMatch0.1.0.7

tortorMatch0.1.0.8

tortorMatch0.1.0.9

tortorMatch0.1.0.10

tortorMatch0.1.0.11

tortorMatch0.1.0.12

tortorMatch0.1.0.13

tortorMatch0.1.0.14

tortorMatch0.1.0.15

tortorMatch0.1.0.16

tortorMatch0.1.0.17

tortorMatch0.1.0.18

tortorMatch0.1.0.19

tortorMatch0.1.1.1_alpha

tortorMatch0.1.1.2_alpha

tortorMatch0.1.1.3_alpha

tortorMatch0.1.1.4_alpha

tortorMatch0.1.1.5_alpha

tortorMatch0.1.1.6_alpha

tortorMatch0.1.1.7_alpha

tortorMatch0.1.1.8_alpha

tortorMatch0.1.1.9_alpha

tortorMatch0.1.1.10_alpha

VendorProductVersionCPE
tortor0.0.2cpe:2.3:a:tor:tor:0.0.2:*:*:*:*:*:*:*
tortor0.0.2_pre13cpe:2.3:a:tor:tor:0.0.2_pre13:*:*:*:*:*:*:*
tortor0.0.2_pre14cpe:2.3:a:tor:tor:0.0.2_pre14:*:*:*:*:*:*:*
tortor0.0.2_pre15cpe:2.3:a:tor:tor:0.0.2_pre15:*:*:*:*:*:*:*
tortor0.0.2_pre16cpe:2.3:a:tor:tor:0.0.2_pre16:*:*:*:*:*:*:*
tortor0.0.2_pre17cpe:2.3:a:tor:tor:0.0.2_pre17:*:*:*:*:*:*:*
tortor0.0.2_pre18cpe:2.3:a:tor:tor:0.0.2_pre18:*:*:*:*:*:*:*
tortor0.0.2_pre19cpe:2.3:a:tor:tor:0.0.2_pre19:*:*:*:*:*:*:*
tortor0.0.2_pre20cpe:2.3:a:tor:tor:0.0.2_pre20:*:*:*:*:*:*:*
tortor0.0.2_pre21cpe:2.3:a:tor:tor:0.0.2_pre21:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tor	tor	0.0.2	cpe:2.3:a:tor:tor:0.0.2:::::::*
tor	tor	0.0.2_pre13	cpe:2.3:a:tor:tor:0.0.2_pre13:::::::*
tor	tor	0.0.2_pre14	cpe:2.3:a:tor:tor:0.0.2_pre14:::::::*
tor	tor	0.0.2_pre15	cpe:2.3:a:tor:tor:0.0.2_pre15:::::::*
tor	tor	0.0.2_pre16	cpe:2.3:a:tor:tor:0.0.2_pre16:::::::*
tor	tor	0.0.2_pre17	cpe:2.3:a:tor:tor:0.0.2_pre17:::::::*
tor	tor	0.0.2_pre18	cpe:2.3:a:tor:tor:0.0.2_pre18:::::::*
tor	tor	0.0.2_pre19	cpe:2.3:a:tor:tor:0.0.2_pre19:::::::*
tor	tor	0.0.2_pre20	cpe:2.3:a:tor:tor:0.0.2_pre20:::::::*
tor	tor	0.0.2_pre21	cpe:2.3:a:tor:tor:0.0.2_pre21:::::::*

Rows per page:

1-10 of 681

References

secunia.com/advisories/20514

security.gentoo.org/glsa/glsa-200606-04.xml

tor.eff.org/cvs/tor/ChangeLog

www.osvdb.org/25881

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.007

Percentile

80.7%

JSON

Related for CVE-2006-3418