Lucene search

[email protected]CVE-2007-1103

HistoryFeb 26, 2007 - 5:28 p.m.

CVE-2007-1103

2007-02-2617:28:00

[email protected]

web.nvd.nist.gov

cve-2007-1103

tor

node verification

bandwidth

uptime

anonymity

traffic security

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.5%

JSON

Tor does not verify a node’s uptime and bandwidth advertisements, which allows remote attackers who operate a low resource node to make false claims of greater resources, which places the node into use for many circuits and compromises the anonymity of traffic sources and destinations.

Affected configurations

NVD

Node

tortorRange≤0.1.1.26

CPENameOperatorVersion
tor:tortorle0.1.1.26

CPE	Name	Operator	Version
tor:tor	tor	le	0.1.1.26

References

archives.seul.org/or/talk/Feb-2007/msg00197.html

archives.seul.org/or/talk/Feb-2007/msg00200.html

archives.seul.org/or/talk/Feb-2007/msg00202.html

osvdb.org/45249

www.cs.colorado.edu/department/publications/reports/docs/CU-CS-1025-07.pdf

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.5%

JSON

Related for CVE-2007-1103

nvd1 cvelist1 securityvulns1 debiancve1 prion1 ubuntucve1