{
"id": "CVE-2007-4174",
"sourceIdentifier": "cve@mitre.org",
"published": "2007-08-07T10:17:00.000",
"lastModified": "2017-07-29T01:32:45.910",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node."
},
{
"lang": "es",
"value": "Tor versiones anteriores a 0.1.2.16, cuando ControlPort est\u00e1 habilitado, no restringe apropiadamente los comandos al puerto localhost 9051, lo que permite a atacantes remotos modificar el archivo de configuraci\u00f3n de torrc, comprometer el anonimato y presentar otro impacto no especificado por medio de datos POST HTTP que contienen comandos sin autenticaci\u00f3n v\u00e1lida, como es demostrado por un formulario HTML (1) alojado en un sitio web o (2) inyectado por un nodo de salida Tor."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tor:tor:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.1.2.15",
"matchCriteriaId": "67A44A79-CE5A-44D7-A6E6-4E7A3AA1DA2C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tor:tor:0.1.2.1:alpha:*:*:*:*:*:*",
"matchCriteriaId": "E149062A-F48E-4E99-8A3C-B32FFC922695"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tor:tor:0.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A74A3860-1FE5-4A03-9C99-2646F1AF84A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tor:tor:0.1.2.3:alpha:*:*:*:*:*:*",
"matchCriteriaId": "4340AB16-25B5-4371-B490-6F2563268358"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tor:tor:0.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EA145B1E-674C-4C79-93C0-BC24EC5F8CDB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tor:tor:0.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD8B5C4-C680-4DE2-9245-0A8F380C15E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tor:tor:0.1.2.5:alpha:*:*:*:*:*:*",
"matchCriteriaId": "9B671031-08A4-4B9D-B3DA-7D074D8BFAC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tor:tor:0.1.2.6:alpha:*:*:*:*:*:*",
"matchCriteriaId": "1A2098AF-763E-4F62-BBD9-A4C9AC411C3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tor:tor:0.1.2.7:alpha:*:*:*:*:*:*",
"matchCriteriaId": "1F3C6BA8-9ED9-42F8-9054-F94840E653E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tor:tor:0.1.2.8:beta:*:*:*:*:*:*",
"matchCriteriaId": "27D917E6-7E71-4B14-8881-C22755C6899B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tor:tor:0.1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F22F7D60-BBAE-4951-B84C-C70BEB88B6F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tor:tor:0.1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "72B2E210-F46F-4A86-A923-82599D0CFF8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tor:tor:0.1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2C0372D0-8181-4812-9741-70DC4C0AEA2E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tor:tor:0.1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "62E983BF-8D3F-4B20-A89A-BC324C5AD150"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tor:tor:0.1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "EF4EC417-80F8-4B04-9176-3B9199662D29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tor:tor:0.1.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC7477A-5DDA-42A6-828E-A818CCF208B7"
}
]
}
]
}
],
"references": [
{
"url": "http://archives.seul.org/or/announce/Aug-2007/msg00000.html",
"source": "cve@mitre.org"
},
{
"url": "http://archives.seul.org/or/announce/Sep-2007/msg00000.html",
"source": "cve@mitre.org"
},
{
"url": "http://osvdb.org/36271",
"source": "cve@mitre.org"
},
{
"url": "http://secunia.com/advisories/26301",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/25188",
"source": "cve@mitre.org"
},
{
"url": "http://www.securitytracker.com/id?1018510",
"source": "cve@mitre.org"
},
{
"url": "http://www.vupen.com/english/advisories/2007/2768",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35784",
"source": "cve@mitre.org"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36407",
"source": "cve@mitre.org"
}
]
}