CVE-2007-1103
First published: Mon Feb 26 2007(Updated: )
Tor does not verify a node's uptime and bandwidth advertisements, which allows remote attackers who operate a low resource node to make false claims of greater resources, which places the node into use for many circuits and compromises the anonymity of traffic sources and destinations.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tor (The Onion Router) | <=0.1.1.26 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2007-1103?
CVE-2007-1103 is considered a moderate severity vulnerability that affects the Tor network.
How do I fix CVE-2007-1103?
To mitigate CVE-2007-1103, update your Tor software to a version later than 0.1.1.26 where this issue has been addressed.
What types of attacks can exploit CVE-2007-1103?
CVE-2007-1103 can be exploited by remote attackers to compromise the anonymity of users by introducing false node resource claims.
Which versions of Tor are affected by CVE-2007-1103?
CVE-2007-1103 affects all versions of Tor up to and including 0.1.1.26.
What impact does CVE-2007-1103 have on Tor users?
CVE-2007-1103 can lead to a degradation of anonymity for Tor users by allowing low resource nodes to handle more traffic than they should.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/tor
- canonical/tor (the onion router)
- version/tor (the onion router)/0.1.1.26