Summary
This host is installed with Tor browser
and is prone to information disclosure vulnerability.
Impact
Successful exploitation will allow attackers
to manipulate protocol headers and perform traffic confirmation attack.
Impact Level: Application
Solution
Upgrade to version 0.2.4.23 or
0.2.5.6-alpha or later, For updates refer to https://www.torproject.org
Insight
Flaw exists due to an error
in the handling of sequences of Relay and Relay Early commands.
Affected
Tor browser before 0.2.4.23 and 0.2.5
before 0.2.5.6-alpha on Linux
Detection
Get the installed version with the help of
detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-5117 -
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N
Related Vulnerabilities
- Adobe Products Unspecified Cross-Site Scripting Vulnerability June-2011 (Windows)
- Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Mac OS X)
- Asterisk Missing ACL Check Remote Security Bypass Vulnerability
- Brother HL-5370DW Printer 'post/panel.html' Security Bypass Vulnerability
- Apple Safari 'setInterval()' Address Bar Spoofing Vulnerability (Win)