CVE-2015-7665

MEDIUM

Tails < 1.6 - Unauthorized IP Address Exposure via wget FTP Mode Fallback

Title source: llm
STIX 2.1

Description

Tails before 1.7 includes the wget program but does not prevent automatic fallback from passive FTP to active FTP, which allows remote FTP servers to discover the Tor client IP address by reading a (1) PORT or (2) EPRT command. NOTE: within wget itself, the automatic fallback is not considered a vulnerability by CVE.

References (8)

Core 8
Core References
Various Sources mailing-list x_refsource_mlist
https://mailman.boum.org/pipermail/tails-dev/2015-October/009591.html
Various Sources mailing-list x_refsource_mlist
https://mailman.boum.org/pipermail/tails-dev/2015-August/009370.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/10/01/10
Issue Tracking x_refsource_confirm
https://labs.riseup.net/code/issues/10364
Various Sources mailing-list x_refsource_mlist
https://lists.gnu.org/archive/html/bug-wget/2015-08/msg00020.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/76678
Vendor Advisory x_refsource_confirm
https://tails.boum.org/news/version_1.7/index.en.html

Scores

CVSS v3 5.3
EPSS 0.0160
EPSS Percentile 72.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
tails_project/tails < 1.6
Published Dec 27, 2015
Tracked Since Feb 18, 2026