CVE-2007-4174

Tor <0.1.2.16 - Command Injection

Title source: llm

Description

Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node.

Exploits (2)

exploitdb WORKING POC VERIFIED

by elgCrew · htmlremotewindows

https://www.exploit-db.com/exploits/4468

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by anonymous · htmlremotewindows

https://www.exploit-db.com/exploits/30447

View Code ZIP pw:eip

References (9)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/25188

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36407

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1018510

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/35784

[Vendor Advisory] http://www.vupen.com/english/advisories/2007/2768

[Third Party Advisory, VDB Entry] http://osvdb.org/36271

[Vendor Advisory] http://secunia.com/advisories/26301

[Various Sources] http://archives.seul.org/or/announce/Sep-2007/msg00000.html

[Various Sources] http://archives.seul.org/or/announce/Aug-2007/msg00000.html

Scores

EPSS 0.1913

EPSS Percentile 95.4%

Details

CWE

CWE-264

Status published

Products (15)

tor/tor 0.1.2.1 alpha

tor/tor 0.1.2.2

tor/tor 0.1.2.3 alpha

tor/tor 0.1.2.4

tor/tor 0.1.2.5 (2 CPE variants)

tor/tor 0.1.2.6 alpha

tor/tor 0.1.2.7 alpha

tor/tor 0.1.2.8 beta

tor/tor 0.1.2.9

tor/tor 0.1.2.10

... and 5 more

Published Aug 07, 2007

Tracked Since Feb 18, 2026