CVE-2007-4174 - OpenCVE

Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tor	Tor

Configuration 1 [-]

OR	cpe:2.3:a:tor:tor::::::::
	cpe:2.3:a:tor:tor:0.1.2.1:alpha::::::
	cpe:2.3:a:tor:tor:0.1.2.2:::::::*
	cpe:2.3:a:tor:tor:0.1.2.3:alpha::::::
	cpe:2.3:a:tor:tor:0.1.2.4:::::::*
	cpe:2.3:a:tor:tor:0.1.2.5:::::::*
	cpe:2.3:a:tor:tor:0.1.2.5:alpha::::::
	cpe:2.3:a:tor:tor:0.1.2.6:alpha::::::
	cpe:2.3:a:tor:tor:0.1.2.7:alpha::::::
	cpe:2.3:a:tor:tor:0.1.2.8:beta::::::
	cpe:2.3:a:tor:tor:0.1.2.9:::::::*
	cpe:2.3:a:tor:tor:0.1.2.10:::::::*
	cpe:2.3:a:tor:tor:0.1.2.11:::::::*
	cpe:2.3:a:tor:tor:0.1.2.12:::::::*
	cpe:2.3:a:tor:tor:0.1.2.13:::::::*
	cpe:2.3:a:tor:tor:0.1.2.14:::::::*

No data.

References

Link	Providers
http://archives.seul.org/or/announce/Aug-2007/msg00000.html
http://archives.seul.org/or/announce/Sep-2007/msg00000.html
http://osvdb.org/36271
http://secunia.com/advisories/26301
http://www.securityfocus.com/bid/25188
http://www.securitytracker.com/id?1018510
http://www.vupen.com/english/advisories/2007/2768
https://exchange.xforce.ibmcloud.com/vulnerabilities/35784
https://exchange.xforce.ibmcloud.com/vulnerabilities/36407

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-07T10:00:00

Updated: 2024-08-07T14:46:39.367Z

Reserved: 2007-08-07T00:00:00

Link: CVE-2007-4174

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-08-07T10:17:00.000

Modified: 2017-07-29T01:32:45.910

Link: CVE-2007-4174

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-01T00:00:00", "descriptions": [{"lang": "en", "value": "Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "25188", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25188"}, {"name": "tor-control-command-execution(36407)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36407"}, {"name": "1018510", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018510"}, {"name": "tor-controlport-security-bypass(35784)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35784"}, {"name": "ADV-2007-2768", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2768"}, {"name": "36271", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36271"}, {"name": "26301", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26301"}, {"name": "[or-announce] 20070901 Tor security advisory: cross-protocol http form attack", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://archives.seul.org/or/announce/Sep-2007/msg00000.html"}, {"name": "[or-announce] 20070802 Tor 0.1.2.16 is released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://archives.seul.org/or/announce/Aug-2007/msg00000.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4174", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "25188", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25188"}, {"name": "tor-control-command-execution(36407)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36407"}, {"name": "1018510", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018510"}, {"name": "tor-controlport-security-bypass(35784)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35784"}, {"name": "ADV-2007-2768", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2768"}, {"name": "36271", "refsource": "OSVDB", "url": "http://osvdb.org/36271"}, {"name": "26301", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26301"}, {"name": "[or-announce] 20070901 Tor security advisory: cross-protocol http form attack", "refsource": "MLIST", "url": "http://archives.seul.org/or/announce/Sep-2007/msg00000.html"}, {"name": "[or-announce] 20070802 Tor 0.1.2.16 is released", "refsource": "MLIST", "url": "http://archives.seul.org/or/announce/Aug-2007/msg00000.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:46:39.367Z"}, "title": "CVE Program Container", "references": [{"name": "25188", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25188"}, {"name": "tor-control-command-execution(36407)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36407"}, {"name": "1018510", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018510"}, {"name": "tor-controlport-security-bypass(35784)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35784"}, {"name": "ADV-2007-2768", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2768"}, {"name": "36271", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36271"}, {"name": "26301", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26301"}, {"name": "[or-announce] 20070901 Tor security advisory: cross-protocol http form attack", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://archives.seul.org/or/announce/Sep-2007/msg00000.html"}, {"name": "[or-announce] 20070802 Tor 0.1.2.16 is released", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://archives.seul.org/or/announce/Aug-2007/msg00000.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4174", "datePublished": "2007-08-07T10:00:00", "dateReserved": "2007-08-07T00:00:00", "dateUpdated": "2024-08-07T14:46:39.367Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tor:tor:*:*:*:*:*:*:*:*", "matchCriteriaId": "67A44A79-CE5A-44D7-A6E6-4E7A3AA1DA2C", "versionEndIncluding": "0.1.2.15", "vulnerable": true}, {"criteria": "cpe:2.3:a:tor:tor:0.1.2.1:alpha:*:*:*:*:*:*", "matchCriteriaId": "E149062A-F48E-4E99-8A3C-B32FFC922695", "vulnerable": true}, {"criteria": "cpe:2.3:a:tor:tor:0.1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A74A3860-1FE5-4A03-9C99-2646F1AF84A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:tor:tor:0.1.2.3:alpha:*:*:*:*:*:*", "matchCriteriaId": "4340AB16-25B5-4371-B490-6F2563268358", "vulnerable": true}, {"criteria": "cpe:2.3:a:tor:tor:0.1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "EA145B1E-674C-4C79-93C0-BC24EC5F8CDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:tor:tor:0.1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "FCD8B5C4-C680-4DE2-9245-0A8F380C15E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:tor:tor:0.1.2.5:alpha:*:*:*:*:*:*", "matchCriteriaId": "9B671031-08A4-4B9D-B3DA-7D074D8BFAC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:tor:tor:0.1.2.6:alpha:*:*:*:*:*:*", "matchCriteriaId": "1A2098AF-763E-4F62-BBD9-A4C9AC411C3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:tor:tor:0.1.2.7:alpha:*:*:*:*:*:*", "matchCriteriaId": "1F3C6BA8-9ED9-42F8-9054-F94840E653E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:tor:tor:0.1.2.8:beta:*:*:*:*:*:*", "matchCriteriaId": "27D917E6-7E71-4B14-8881-C22755C6899B", "vulnerable": true}, {"criteria": "cpe:2.3:a:tor:tor:0.1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "F22F7D60-BBAE-4951-B84C-C70BEB88B6F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:tor:tor:0.1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "72B2E210-F46F-4A86-A923-82599D0CFF8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:tor:tor:0.1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "2C0372D0-8181-4812-9741-70DC4C0AEA2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:tor:tor:0.1.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "62E983BF-8D3F-4B20-A89A-BC324C5AD150", "vulnerable": true}, {"criteria": "cpe:2.3:a:tor:tor:0.1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "EF4EC417-80F8-4B04-9176-3B9199662D29", "vulnerable": true}, {"criteria": "cpe:2.3:a:tor:tor:0.1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "EFC7477A-5DDA-42A6-828E-A818CCF208B7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node."}, {"lang": "es", "value": "Tor versiones anteriores a 0.1.2.16, cuando ControlPort est\u00e1 habilitado, no restringe apropiadamente los comandos al puerto localhost 9051, lo que permite a atacantes remotos modificar el archivo de configuraci\u00f3n de torrc, comprometer el anonimato y presentar otro impacto no especificado por medio de datos POST HTTP que contienen comandos sin autenticaci\u00f3n v\u00e1lida, como es demostrado por un formulario HTML (1) alojado en un sitio web o (2) inyectado por un nodo de salida Tor."}], "id": "CVE-2007-4174", "lastModified": "2017-07-29T01:32:45.910", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-08-07T10:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://archives.seul.org/or/announce/Aug-2007/msg00000.html"}, {"source": "cve@mitre.org", "url": "http://archives.seul.org/or/announce/Sep-2007/msg00000.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/36271"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26301"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25188"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018510"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/2768"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35784"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36407"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}