Information disclosure in Tor - CVE-2011-4897

 


Published: December 23, 2011 / Updated: August 11, 2020


Vulnerability identifier: #VU44433
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2011-4897
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: tor.eff.org
Affected software:
Tor

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Tor before 0.2.2.25-alpha, when configured as a relay without the Nickname configuration option, uses the local hostname as the Nickname value, which allows remote attackers to obtain potentially sensitive information by reading this value.
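As an added example (not code from this advisory or from the Tor project), the Python check below flags the condition described above from a torrc and a Tor version string. It assumes a relay is identified by a non-zero ORPort and compares only the four numeric version fields; the function names, status strings and sample configurations are constructed for illustration, and the hostname comparison is an extra check beyond the advisory.

```python
import re

FIXED = (0, 2, 2, 25)  # 0.2.2.25-alpha: first fixed release per the advisory


def parse_torrc(text):
    """Map lowercased option names to their values (torrc keys are case-insensitive)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            key, *rest = line.split(None, 1)
            opts.setdefault(key.lower(), []).append(rest[0].strip() if rest else "")
    return opts


def version_tuple(version):
    """Assumption: only the four numeric fields are compared; the status tag is ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Tor version: {version!r}")
    return tuple(int(x) for x in m.groups())


def audit(torrc_text, tor_version, hostname=""):
    opts = parse_torrc(torrc_text)
    # Assumption: an ORPort other than 0 means the instance runs as a relay.
    if not any(v and v != "0" for v in opts.get("orport", [])):
        return "not_relay"
    nicknames = [v for v in opts.get("nickname", []) if v]
    if nicknames:
        # Extra check beyond the advisory: a Nickname copied from the hostname.
        short = hostname.split(".")[0].lower()
        if short and nicknames[-1].lower() == short:
            return "nickname_equals_hostname"
        return "nickname_set"
    if version_tuple(tor_version) < FIXED:
        return "hostname_leak"  # the CVE-2011-4897 condition
    return "fixed_version_no_nickname"


# Constructed sample configurations (not taken from any real relay)
RELAY_NO_NICK = "SocksPort 9050\nORPort 9001  # relay\n#Nickname example\n"
RELAY_NICK = "orport 9001\nNickname ExampleRelay\n"
CLIENT_ONLY = "SocksPort 9050\nORPort 0\n"

if __name__ == "__main__":
    for cfg in (RELAY_NO_NICK, RELAY_NICK, CLIENT_ONLY):
        print(audit(cfg, "0.2.2.24-alpha", hostname="build01.corp.example"))
```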


How to mitigate CVE-2011-4897

Install the update from the vendor's website.
