Vulnerability Details : CVE-2006-3412
Tor before 0.1.1.20 does not sufficiently obey certain firewall options, which allows remote attackers to bypass intended access restrictions for dirservers, direct connections, or proxy servers.
Products affected by CVE-2006-3412
- cpe:2.3:a:tor:tor:0.0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9.9:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9.7:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.1_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.4_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.2_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.3_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre13:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre14:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre22:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre23:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.5_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.6_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre15:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre16:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre24:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre25:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9.10:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre20:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre21:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.7_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.8_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre17:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre18:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre19:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre26:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre27:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.10_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.9_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.18:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-3412
0.37%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 73 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-3412
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
10.0
|
4.9
|
NIST |
References for CVE-2006-3412
-
http://security.gentoo.org/glsa/glsa-200606-04.xml
Tor: Several vulnerabilities (GLSA 200606-04) — Gentoo securityPatch;Vendor Advisory
-
http://tor.eff.org/cvs/tor/ChangeLog
404 Not Found
Jump to