Lucene search

[email protected]CVE-2008-5398

HistoryDec 09, 2008 - 12:30 a.m.

CVE-2008-5398

2008-12-0900:30:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-5398

tor vulnerability

dns

exit relay

ip address mapping

security issue

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.5%

JSON

Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the destination hostname of a refused stream.

Affected configurations

NVD

Node

tortorRange≤0.1.2.31

tortorMatch0.0.2

tortorMatch0.0.2_pre13

tortorMatch0.0.2_pre14

tortorMatch0.0.2_pre15

tortorMatch0.0.2_pre16

tortorMatch0.0.2_pre17

tortorMatch0.0.2_pre18

tortorMatch0.0.2_pre19

tortorMatch0.0.2_pre20

tortorMatch0.0.2_pre21

tortorMatch0.0.2_pre22

tortorMatch0.0.2_pre23

tortorMatch0.0.2_pre24

tortorMatch0.0.2_pre25

tortorMatch0.0.2_pre26

tortorMatch0.0.2_pre27

tortorMatch0.0.3

tortorMatch0.0.4

tortorMatch0.0.5

tortorMatch0.0.6

tortorMatch0.0.6.1

tortorMatch0.0.6.2

tortorMatch0.0.7

tortorMatch0.0.7.1

tortorMatch0.0.7.2

tortorMatch0.0.7.3

tortorMatch0.0.8

tortorMatch0.0.8.1

tortorMatch0.0.9

tortorMatch0.0.9.1

tortorMatch0.0.9.2

tortorMatch0.0.9.3

tortorMatch0.0.9.4

tortorMatch0.0.9.5

tortorMatch0.0.9.6

tortorMatch0.0.9.7

tortorMatch0.0.9.8

tortorMatch0.0.9.9

tortorMatch0.0.9.10

tortorMatch0.1.0.1

tortorMatch0.1.0.2

tortorMatch0.1.0.3

tortorMatch0.1.0.4

tortorMatch0.1.0.5

tortorMatch0.1.0.6

tortorMatch0.1.0.7

tortorMatch0.1.0.8

tortorMatch0.1.0.9

tortorMatch0.1.0.10

tortorMatch0.1.0.11

tortorMatch0.1.0.12

tortorMatch0.1.0.13

tortorMatch0.1.0.14

tortorMatch0.1.0.15

tortorMatch0.1.0.16

tortorMatch0.1.0.17

tortorMatch0.1.0.18

tortorMatch0.1.0.19

tortorMatch0.1.1.1

tortorMatch0.1.1.1_alpha

tortorMatch0.1.1.2

tortorMatch0.1.1.2_alpha

tortorMatch0.1.1.3

tortorMatch0.1.1.3_alpha

tortorMatch0.1.1.4

tortorMatch0.1.1.4_alpha

tortorMatch0.1.1.5

tortorMatch0.1.1.5_alpha

tortorMatch0.1.1.6

tortorMatch0.1.1.6_alpha

tortorMatch0.1.1.7

tortorMatch0.1.1.7_alpha

tortorMatch0.1.1.8

tortorMatch0.1.1.8_alpha

tortorMatch0.1.1.9

tortorMatch0.1.1.9_alpha

tortorMatch0.1.1.10

tortorMatch0.1.1.10_alpha

tortorMatch0.1.1.11

tortorMatch0.1.1.12

tortorMatch0.1.1.13

tortorMatch0.1.1.14

tortorMatch0.1.1.15

tortorMatch0.1.1.16

tortorMatch0.1.1.17

tortorMatch0.1.1.18

tortorMatch0.1.1.19

tortorMatch0.1.1.20

tortorMatch0.1.1.21

tortorMatch0.1.1.22

tortorMatch0.1.1.23

tortorMatch0.1.1.26

tortorMatch0.1.2.1_alpha-cvs

tortorMatch0.1.2.14

tortorMatch0.1.2.15

tortorMatch0.1.2.17

tortorMatch0.1.2.18

tortorMatch0.1.2.19

tortorMatch0.1.2.30

CPENameOperatorVersion
tor:tortorle0.1.2.31
tor:tortoreq0.0.2
tor:tortoreq0.0.2_pre13
tor:tortoreq0.0.2_pre14
tor:tortoreq0.0.2_pre15
tor:tortoreq0.0.2_pre16
tor:tortoreq0.0.2_pre17
tor:tortoreq0.0.2_pre18
tor:tortoreq0.0.2_pre19
tor:tortoreq0.0.2_pre20

CPE	Name	Operator	Version
tor:tor	tor	le	0.1.2.31
tor:tor	tor	eq	0.0.2
tor:tor	tor	eq	0.0.2_pre13
tor:tor	tor	eq	0.0.2_pre14
tor:tor	tor	eq	0.0.2_pre15
tor:tor	tor	eq	0.0.2_pre16
tor:tor	tor	eq	0.0.2_pre17
tor:tor	tor	eq	0.0.2_pre18
tor:tor	tor	eq	0.0.2_pre19
tor:tor	tor	eq	0.0.2_pre20