CVE-2010-0384

Tor 0.2.2.x before 0.2.2.7-alpha - Exposure of Sensitive Information via Directory Mirror Logs

Title source: llm
STIX 2.1

Description

Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory mirror, does not prevent logging of the client IP address upon detection of erroneous client behavior, which might make it easier for local users to discover the identities of clients in opportunistic circumstances by reading log files.

References (1)

Core 1
Core References
Various Sources mailing-list x_refsource_mlist
http://archives.seul.org/or/talk/Jan-2010/msg00162.html

Scores

EPSS 0.0035
EPSS Percentile 27.2%

Details

CWE
CWE-200
Status published
Products (6)
tor/tor 0.2.2.1 (2 CPE variants)
tor/tor 0.2.2.2 (2 CPE variants)
tor/tor 0.2.2.3 (2 CPE variants)
tor/tor 0.2.2.4 (2 CPE variants)
tor/tor 0.2.2.5 (2 CPE variants)
tor/tor 0.2.2.6 (2 CPE variants)
Published Jan 25, 2010
Tracked Since Feb 18, 2026