CVE-2010-0384
Tor 0.2.2.x before 0.2.2.7-alpha - Exposure of Sensitive Information via Directory Mirror Logs
Title source: llmDescription
Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory mirror, does not prevent logging of the client IP address upon detection of erroneous client behavior, which might make it easier for local users to discover the identities of clients in opportunistic circumstances by reading log files.
References (1)
Core 1
Core References
Various Sources mailing-list
x_refsource_mlist
http://archives.seul.org/or/talk/Jan-2010/msg00162.html
Scores
EPSS
0.0035
EPSS Percentile
27.2%
Details
CWE
CWE-200
Status
published
Products (6)
tor/tor
0.2.2.1 (2 CPE variants)
tor/tor
0.2.2.2 (2 CPE variants)
tor/tor
0.2.2.3 (2 CPE variants)
tor/tor
0.2.2.4 (2 CPE variants)
tor/tor
0.2.2.5 (2 CPE variants)
tor/tor
0.2.2.6 (2 CPE variants)
Published
Jan 25, 2010
Tracked Since
Feb 18, 2026