VAR-201001-0712
Vulnerability from variot - Updated: 2025-04-11 22:59Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated identity keys for certain directory authorities, which makes it easier for man-in-the-middle attackers to compromise the anonymity of traffic sources and destinations. Tor (The Onion Router) is an implementation of the second generation of onion routing software, through which users can communicate anonymously over the Internet. If the user submits a specially made query request to the bridge official directory, the directory authority will reveal all the tracked bridge identities in the response of dbg-stability.txt, which is an information disclosure. Tor is prone to a remote information-disclosure vulnerability. Exploits will allow attackers to obtain sensitive information that can help them launch further attacks. NOTE: Since certain Tor infrastructures were compromised, new version 3 identity keys have been issued. Versions prior to Tor 0.2.1.22 are vulnerable. ----------------------------------------------------------------------
Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/
TITLE: Tor Directory Authorities Directory Queries Information Disclosure
SECUNIA ADVISORY ID: SA38198
VERIFY ADVISORY: http://secunia.com/advisories/38198/
DESCRIPTION: A security issue has been reported in Tor, which can be exploited by malicious people to disclose potentially sensitive information.
SOLUTION: Update to version 0.2.1.22.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://permalink.gmane.org/gmane.network.onion-routing.announce/30
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201001-0712",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "tor",
"version": "0.2.2.1"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "tor",
"version": "0.1.2.5"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "tor",
"version": "0.2.2.4"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "tor",
"version": "0.2.2.5"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "tor",
"version": "0.1.2.9"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "tor",
"version": "0.2.2.6"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "tor",
"version": "0.2.2.3"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "tor",
"version": "0.2.2.2"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "tor",
"version": "0.1.2.7"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "tor",
"version": "0.2.2.7"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.3,
"vendor": "tor",
"version": "0.1.1.20"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.3,
"vendor": "tor",
"version": "0.1.0.14"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.3,
"vendor": "tor",
"version": "0.1.0.13"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.3,
"vendor": "tor",
"version": "0.1.0.12"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.3,
"vendor": "tor",
"version": "0.1.0.11"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.3,
"vendor": "tor",
"version": "0.1.0.10"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.3,
"vendor": "tor",
"version": "0.0.9.9"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.3,
"vendor": "tor",
"version": "0.0.9.8"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.3,
"vendor": "tor",
"version": "0.0.9.7"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.3,
"vendor": "tor",
"version": "0.0.9.6"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.3,
"vendor": "tor",
"version": "0.0.9.5"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.3,
"vendor": "tor",
"version": "0.0.9.4"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.3,
"vendor": "tor",
"version": "0.0.9.3"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.3,
"vendor": "tor",
"version": "0.0.9.2"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.3,
"vendor": "tor",
"version": "0.0.9.10"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.3,
"vendor": "tor",
"version": "0.0.9.1"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.3,
"vendor": "tor",
"version": "0.0.9"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.3,
"vendor": "tor",
"version": "0.1.2.16"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.7"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.1_alpha"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.25"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.1.1.21"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.3"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.19"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.8"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.2.2"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.2"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.1.1.16"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.0.15"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.7"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.14"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.1"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.6"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.8.1"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.5"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.4"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.2.10"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.21"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.1.1.14"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.2_pre21"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.2"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.2.18"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.18"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.2.1_alpha-cvs"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.2_pre14"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.0.7"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.0.19"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.16"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.10_alpha"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.1.1.13"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.0.16"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.13"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.2_pre18"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.0.3"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.2.12"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.2_alpha"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.0.17"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.0.18"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.2.19"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.4"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.2_pre22"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.5_alpha"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.23"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.22"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.26"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.2.4"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.17"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.4_alpha"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.8"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.1.1.18"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.12"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.6.1"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.8_alpha"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.5"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.2_pre16"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.9_alpha"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.11"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.2_pre17"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.7.2"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.2.30"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.0.8"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.7_alpha"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.0.4"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.2_pre27"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.1.1.20"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.2.13"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.1.1.17"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.6_alpha"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.9"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.2_pre24"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.7.1"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.2_pre25"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.2_pre13"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.2_pre19"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.0.5"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.15"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.1.1.12"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.2_pre15"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.2_pre23"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.0.9"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.2_pre26"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.0.2"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.0.6"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.2.11"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.1.1.15"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.2_pre20"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.0.1"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.10"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.6.2"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.2.14"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.6"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.3_alpha"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.7.3"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.3"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.1.1.19"
},
{
"model": "tor",
"scope": "eq",
"trust": 0.8,
"vendor": "the tor",
"version": "0.2.2.7-alpha"
},
{
"model": "tor",
"scope": "lt",
"trust": 0.8,
"vendor": "the tor",
"version": "0.2.2.x"
},
{
"model": "tor",
"scope": "eq",
"trust": 0.6,
"vendor": "tor",
"version": "0.2.x"
},
{
"model": "tor",
"scope": "eq",
"trust": 0.3,
"vendor": "tor",
"version": "0.2.35"
},
{
"model": "tor",
"scope": "eq",
"trust": 0.3,
"vendor": "tor",
"version": "0.2.34"
},
{
"model": "tor",
"scope": "eq",
"trust": 0.3,
"vendor": "tor",
"version": "0.2.33"
},
{
"model": "tor",
"scope": "eq",
"trust": 0.3,
"vendor": "tor",
"version": "0.2.32"
},
{
"model": "tor",
"scope": "eq",
"trust": 0.3,
"vendor": "tor",
"version": "0.2.31"
},
{
"model": "tor",
"scope": "eq",
"trust": 0.3,
"vendor": "tor",
"version": "0.1.214"
},
{
"model": "tor",
"scope": "eq",
"trust": 0.3,
"vendor": "tor",
"version": "0.1.123"
},
{
"model": ".5-alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "tor",
"version": "0.1.1"
},
{
"model": ".4-alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "tor",
"version": "0.1.1"
},
{
"model": ".3-alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "tor",
"version": "0.1.1"
},
{
"model": ".2-alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "tor",
"version": "0.1.1"
},
{
"model": ".1-alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "tor",
"version": "0.1.1"
},
{
"model": "tor",
"scope": "eq",
"trust": 0.3,
"vendor": "tor",
"version": "0.118"
},
{
"model": "tor",
"scope": "eq",
"trust": 0.3,
"vendor": "tor",
"version": "0.2.1.21"
},
{
"model": "tor",
"scope": "eq",
"trust": 0.3,
"vendor": "tor",
"version": "0.2.1.20"
},
{
"model": "tor",
"scope": "eq",
"trust": 0.3,
"vendor": "tor",
"version": "0.1.2.15"
},
{
"model": "alpha-cvs",
"scope": "eq",
"trust": 0.3,
"vendor": "tor",
"version": "0.1.2.1"
},
{
"model": "tor",
"scope": "ne",
"trust": 0.3,
"vendor": "tor",
"version": "0.2.1.22"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-5332"
},
{
"db": "BID",
"id": "37901"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005250"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-253"
},
{
"db": "NVD",
"id": "CVE-2010-0383"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:torproject:tor",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-005250"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Roger Dingledine",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201001-253"
}
],
"trust": 0.6
},
"cve": "CVE-2010-0383",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2010-0383",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2010-5332",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-0383",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2010-0383",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2010-5332",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201001-253",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-5332"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005250"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-253"
},
{
"db": "NVD",
"id": "CVE-2010-0383"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated identity keys for certain directory authorities, which makes it easier for man-in-the-middle attackers to compromise the anonymity of traffic sources and destinations. Tor (The Onion Router) is an implementation of the second generation of onion routing software, through which users can communicate anonymously over the Internet. If the user submits a specially made query request to the bridge official directory, the directory authority will reveal all the tracked bridge identities in the response of dbg-stability.txt, which is an information disclosure. Tor is prone to a remote information-disclosure vulnerability. \nExploits will allow attackers to obtain sensitive information that can help them launch further attacks. \nNOTE: Since certain Tor infrastructures were compromised, new version 3 identity keys have been issued. \nVersions prior to Tor 0.2.1.22 are vulnerable. ----------------------------------------------------------------------\n\n\n\nSecunia integrated with Microsoft WSUS \nhttp://secunia.com/blog/71/\n\n\n\n----------------------------------------------------------------------\n\nTITLE:\nTor Directory Authorities Directory Queries Information Disclosure\n\nSECUNIA ADVISORY ID:\nSA38198\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/38198/\n\nDESCRIPTION:\nA security issue has been reported in Tor, which can be exploited by\nmalicious people to disclose potentially sensitive information. \n\nSOLUTION:\nUpdate to version 0.2.1.22. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://permalink.gmane.org/gmane.network.onion-routing.announce/30\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-0383"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005250"
},
{
"db": "CNVD",
"id": "CNVD-2010-5332"
},
{
"db": "BID",
"id": "37901"
},
{
"db": "PACKETSTORM",
"id": "85478"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-0383",
"trust": 3.3
},
{
"db": "BID",
"id": "37901",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "38198",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "61977",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005250",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2010-5332",
"trust": 0.6
},
{
"db": "MLIST",
"id": "[OR-TALK] 20100120 TOR 0.2.2.7-ALPHA IS OUT",
"trust": 0.6
},
{
"db": "MLIST",
"id": "[OR-TALK] 20100120 RE: TOR PROJECT INFRASTRUCTURE UPDATES IN RESPONSE TO SECURITY BREACH",
"trust": 0.6
},
{
"db": "MLIST",
"id": "[OR-ANNOUNCE] 20100121 TOR 0.2.1.22 IS RELEASED (SECURITY FIX)",
"trust": 0.6
},
{
"db": "MLIST",
"id": "[OR-TALK] 20100120 TOR PROJECT INFRASTRUCTURE UPDATES IN RESPONSE TO SECURITY BREACH",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "14397",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201001-253",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "85478",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-5332"
},
{
"db": "BID",
"id": "37901"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005250"
},
{
"db": "PACKETSTORM",
"id": "85478"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-253"
},
{
"db": "NVD",
"id": "CVE-2010-0383"
}
]
},
"id": "VAR-201001-0712",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-5332"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-5332"
}
]
},
"last_update_date": "2025-04-11T22:59:43.286000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.torproject.org/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-005250"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-005250"
},
{
"db": "NVD",
"id": "CVE-2010-0383"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/37901"
},
{
"trust": 1.9,
"url": "http://archives.seul.org/or/talk/jan-2010/msg00161.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/38198"
},
{
"trust": 1.6,
"url": "http://osvdb.org/61977"
},
{
"trust": 1.6,
"url": "http://archives.seul.org/or/talk/jan-2010/msg00165.html"
},
{
"trust": 1.6,
"url": "http://archives.seul.org/or/talk/jan-2010/msg00162.html"
},
{
"trust": 1.6,
"url": "http://archives.seul.org/or/announce/jan-2010/msg00000.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0383"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0383"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/14397"
},
{
"trust": 0.3,
"url": "http://www.torproject.org/index.html.en"
},
{
"trust": 0.1,
"url": "http://permalink.gmane.org/gmane.network.onion-routing.announce/30"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/71/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/38198/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-5332"
},
{
"db": "BID",
"id": "37901"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005250"
},
{
"db": "PACKETSTORM",
"id": "85478"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-253"
},
{
"db": "NVD",
"id": "CVE-2010-0383"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-5332"
},
{
"db": "BID",
"id": "37901"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005250"
},
{
"db": "PACKETSTORM",
"id": "85478"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-253"
},
{
"db": "NVD",
"id": "CVE-2010-0383"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-01-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-5332"
},
{
"date": "2010-01-21T00:00:00",
"db": "BID",
"id": "37901"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-005250"
},
{
"date": "2010-01-21T10:22:16",
"db": "PACKETSTORM",
"id": "85478"
},
{
"date": "2010-01-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201001-253"
},
{
"date": "2010-01-25T19:30:01.637000",
"db": "NVD",
"id": "CVE-2010-0383"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-01-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-5332"
},
{
"date": "2015-04-13T21:03:00",
"db": "BID",
"id": "37901"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-005250"
},
{
"date": "2010-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201001-253"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2010-0383"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201001-253"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tor official directory query request information disclosure vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-5332"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-253"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201001-253"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…