CVE-2015-7665
MEDIUMTails < 1.6 - Unauthorized IP Address Exposure via wget FTP Mode Fallback
Title source: llmDescription
Tails before 1.7 includes the wget program but does not prevent automatic fallback from passive FTP to active FTP, which allows remote FTP servers to discover the Tor client IP address by reading a (1) PORT or (2) EPRT command. NOTE: within wget itself, the automatic fallback is not considered a vulnerability by CVE.
References (8)
Core 8
Core References
Various Sources mailing-list
x_refsource_mlist
https://mailman.boum.org/pipermail/tails-dev/2015-October/009591.html
Various Sources mailing-list
x_refsource_mlist
https://mailman.boum.org/pipermail/tails-dev/2015-August/009370.html
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/10/01/10
Issue Tracking x_refsource_confirm
https://labs.riseup.net/code/issues/10364
Various Sources mailing-list
x_refsource_mlist
https://lists.gnu.org/archive/html/bug-wget/2015-08/msg00020.html
Patch x_refsource_confirm
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=075d7556964f5a871a73c22ac4b69f5361295099
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/76678
Vendor Advisory x_refsource_confirm
https://tails.boum.org/news/version_1.7/index.en.html
Scores
CVSS v3
5.3
EPSS
0.0160
EPSS Percentile
72.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
tails_project/tails
< 1.6
Published
Dec 27, 2015
Tracked Since
Feb 18, 2026