Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Tor 'ControlPort'访问控制漏洞
Vulnerability Description
Tor是一个工具集,帮助各类组织和个人增强互联网上活动的安全。 Tor在处理特定的连接功能时存在漏洞,远程攻击者可能利用此漏洞非授权获取访问。 如果启用了Tor中的ControlPort功能的话,则在处理到ControlPort的多个连接时远程攻击者可以在某些情况下非授权重写用户的torrc配置文件,这可能弱化软件所提供的匿名服务。
CVSS Information
N/A
Vulnerability Type
N/A