CVE-2007-4174

NONECVSS 0.0

0.0

Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node.

🔗 References (18)

cve@mitrehttp://archives.seul.org/or/announce/Aug-2007/msg00000.html
cve@mitrehttp://archives.seul.org/or/announce/Sep-2007/msg00000.html
cve@mitrehttp://osvdb.org/36271
cve@mitrehttp://secunia.com/advisories/26301
cve@mitrehttp://www.securityfocus.com/bid/25188
cve@mitrehttp://www.securitytracker.com/id?1018510
cve@mitrehttp://www.vupen.com/english/advisories/2007/2768
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/35784
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/36407
af854a3a-2127-422b-91ae-364da2661108http://archives.seul.org/or/announce/Aug-2007/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://archives.seul.org/or/announce/Sep-2007/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/36271
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26301
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/25188
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1018510

Is Your Infrastructure Affected by CVE-2007-4174?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2007-4174

📅 Published

🔄 Last Modified

🔗 References (18)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2007-4174?