Vulnerability Description
Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams.
CVSS Score
5.8
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tor | Tor | 0.1.0.10 |
References
- http://archives.seul.org/or/announce/Jul-2007/msg00000.htmlPatch
- http://osvdb.org/46970
- http://secunia.com/advisories/26140PatchVendor Advisory
- http://www.securityfocus.com/bid/25035Patch
- http://www.vupen.com/english/advisories/2007/2634
- http://archives.seul.org/or/announce/Jul-2007/msg00000.htmlPatch
- http://osvdb.org/46970
- http://secunia.com/advisories/26140PatchVendor Advisory
- http://www.securityfocus.com/bid/25035Patch
- http://www.vupen.com/english/advisories/2007/2634
FAQ
What is CVE-2007-4098?
CVE-2007-4098 is a vulnerability with a CVSS score of 5.8 (MEDIUM). Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams.
How severe is CVE-2007-4098?
CVE-2007-4098 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4098?
Check the references section above for vendor advisories and patch information. Affected products include: Tor Tor.