Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2007-08-07T10:00:00
Updated: 2017-07-28T12:57:01
Reserved: 2007-08-07T00:00:00
Link: CVE-2007-4174
JSON object: View
NVD Information
Status : Modified
Published: 2007-08-07T10:17:00.000
Modified: 2017-07-29T01:32:45.910
Link: CVE-2007-4174
JSON object: View
Redhat Information
No data.
CWE