Home > Vulnerability Database > CVE-2007-4174

Mend.io Vulnerability Database

CVE-2007-4174

Date: August 7, 2007

Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node.

Severity Score

4.8

Related Resources (11)

Url: http://www.vupen.com/english/advisories/2007/2768

Url: http://archives.seul.org/or/announce/Sep-2007/msg00000.html

Url: http://www.securitytracker.com/id?1018510

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-4174

Url: http://www.securityfocus.com/bid/25188

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/35784

Url: http://osvdb.org/36271

Url: http://archives.seul.org/or/announce/Aug-2007/msg00000.html

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/36407

Url: http://secunia.com/advisories/26301

Url: https://www.mend.io/vulnerability-database/CVE-2007-4174

Severity Score

4.8

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	5.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2007-4174

Date: August 7, 2007

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?