PT-2011-5152 · Tor · Tor

Publicado

2011-12-22

·

Atualizado

2024-06-15

·

CVE-2011-4894

CVSS v2.0

4.3

Média

VetorAV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Tor versions prior to 0.2.2.34
Description The issue makes it easier for remote attackers to enumerate bridges by observing DirPort connections, as Tor uses direct DirPort access instead of a Tor TLS connection for a directory fetch when configured as a bridge.
Recommendations For versions prior to 0.2.2.34, update to version 0.2.2.34 or later to resolve the issue.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2011-4894
OPENSUSE-SU-2024:10423-1

Produtos afetados

Tor