Summary
This host is installed with Tor and is prone to Information Disclosure vulnerability.
Impact
Successful exploitation will allow attackers to obtain sensitive information that can help them launch further attacks.
Impact level: Application
Solution
Upgrade to version 0.2.1.22 or later
http://www.torproject.org/download.html.en
Insight
The issue is due to bridge directory authorities disclosing all tracked bridge identities when responding to 'dbg-stability.txt' directory queries.
Affected
Tor version prior to 0.2.1.22 and 0.2.2.x before 0.2.2.7-alpha on Linux.
References
Severity
Classification
-
CVE CVE-2010-0383, CVE-2010-0385 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Mac OS X)
- Active Perl CGI.pm 'Set-Cookie' and 'P3P' HTTP Header Injection Vulnerability (Win)
- Apache Tomcat AJP Request Remote Denial Of Service Vulnerability
- Apple Remote Desktop Information Disclosure Vulnerability
- Apple Safari 'background' Remote Denial Of Service Vulnerability