Vulnerability Details : CVE-2006-3414
Tor before 0.1.1.20 supports server descriptors that contain hostnames instead of IP addresses, which allows remote attackers to arbitrarily group users by providing preferential address resolution.
Products affected by CVE-2006-3414
- cpe:2.3:a:tor:tor:0.0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9.9:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9.7:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.1_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.4_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.2_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.3_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre13:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre14:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre22:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre23:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.5_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.6_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre15:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre16:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre24:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre25:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9.10:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre20:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre21:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.7_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.8_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre17:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre18:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre19:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre26:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre27:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.10_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.9_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.18:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-3414
0.65%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 80 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-3414
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2006-3414
-
http://security.gentoo.org/glsa/glsa-200606-04.xml
Tor: Several vulnerabilities (GLSA 200606-04) — Gentoo security
-
http://tor.eff.org/cvs/tor/ChangeLog
404 Not Found
Jump to