Lucene search

[email protected]CVE-2007-4098

HistoryJul 30, 2007 - 9:17 p.m.

CVE-2007-4098

2007-07-3021:17:00

[email protected]

web.nvd.nist.gov

tor

vulnerability

remote attackers

injection

streamids

nvd

cve-2007-4098

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.6%

JSON

Tor before 0.1.2.15 does not properly distinguish “streamids from different exits,” which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams.

Affected configurations

NVD

Node

tortorMatch0.1.0.10

tortorMatch0.1.0.11

tortorMatch0.1.0.12

tortorMatch0.1.0.13

tortorMatch0.1.0.14

tortorMatch0.1.0.18

tortorMatch0.1.1.1_alpha

tortorMatch0.1.1.2_alpha

tortorMatch0.1.1.3_alpha

tortorMatch0.1.1.4_alpha

tortorMatch0.1.1.5_alpha

tortorMatch0.1.1.20

tortorMatch0.1.1.23

tortorMatch0.1.2.1_alpha-cvs

tortorMatch0.1.2.14

CPENameOperatorVersion
tor:tortoreq0.1.0.10
tor:tortoreq0.1.0.11
tor:tortoreq0.1.0.12
tor:tortoreq0.1.0.13
tor:tortoreq0.1.0.14
tor:tortoreq0.1.0.18
tor:tortoreq0.1.1.1_alpha
tor:tortoreq0.1.1.2_alpha
tor:tortoreq0.1.1.3_alpha
tor:tortoreq0.1.1.4_alpha

CPE	Name	Operator	Version
tor:tor	tor	eq	0.1.0.10
tor:tor	tor	eq	0.1.0.11
tor:tor	tor	eq	0.1.0.12
tor:tor	tor	eq	0.1.0.13
tor:tor	tor	eq	0.1.0.14
tor:tor	tor	eq	0.1.0.18
tor:tor	tor	eq	0.1.1.1_alpha
tor:tor	tor	eq	0.1.1.2_alpha
tor:tor	tor	eq	0.1.1.3_alpha
tor:tor	tor	eq	0.1.1.4_alpha