CVE-2011-4896

Tor < 0.2.2.24-alpha - Unauthorized Sensitive Information Exposure via Bridge Configuration

Title source: llm
STIX 2.1

Description

Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previously configured but is not currently configured, which might allow remote attackers to obtain sensitive information about clients in opportunistic circumstances by monitoring network traffic to the bridge port.

References (1)

Core 1
Core References
Various Sources x_refsource_confirm
https://blog.torproject.org/blog/tor-02224-alpha-out

Scores

EPSS 0.0159
EPSS Percentile 72.7%

Details

CWE
CWE-200
Status published
Products (47)
tor/tor 0.0.2
tor/tor 0.0.3
tor/tor 0.0.4
tor/tor 0.0.5
tor/tor 0.0.6
tor/tor 0.0.6.1
tor/tor 0.0.6.2
tor/tor 0.0.7
tor/tor 0.0.7.1
tor/tor 0.0.7.2
... and 37 more
Published Dec 23, 2011
Tracked Since Feb 18, 2026