CVE-2009-0654
CVE information
Published
Last Modified
CVSSv2.0 Severity
Impact Analysis
Description
Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router. NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve.".
CVSSv2.0 Score
- Severity
- Medium
- Base Score
- 5.1/10
- Exploit Score
- 4.9/10
- Access Vector
- Network
- Access Complexity
- High
- Authentication Required
- None
- Impact Score
- 6.4/10
- Confidentiality Impact
- Partial
- Availability Impact
- Partial
- Integrity Impact
- Partial
Products Affected
CPE | Affected | Vulnerable | Excluding | Edit |
---|---|---|---|---|
cpe:2.3:a:tor:tor:0.2.0.11:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.22:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.19:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.31:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.14:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.28:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.17:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.25:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.26:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.12:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.32:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.15:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.21:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.20:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.4:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:*:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.23:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.29:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.30:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.7:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.13:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.24:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.27:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.9:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.10:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.2:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.18:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.8:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.1:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.3:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.5:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.6:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:tor:tor:0.2.0.16:alpha:*:*:*:*:*:* |
Yes
|
- | - |
References
Get started for free to scan for vulnerabilites.
Download Mageni. It is free to get started and can be installed in Windows, macOS and Linux.