CVE-2007-4174

Name of the Vulnerable Software and Affected Versions Tor versions prior to 0.1.2.16

Description The issue allows remote attackers to modify the torrc configuration file and compromise anonymity. This can be achieved by sending HTTP POST data containing commands without valid authentication. For example, an attacker could use an HTML form hosted on a web site or inject malicious content as a Tor exit node.

Recommendations For Tor versions prior to 0.1.2.16, update to version 0.1.2.16 or later to resolve the issue. As a temporary workaround, consider disabling the ControlPort to minimize the risk of exploitation. Restrict access to the torrc configuration file to prevent unauthorized modifications.