CVE-2015-7665
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
74.1%
Tails before 1.7 includes the wget program but does not prevent automatic fallback from passive FTP to active FTP, which allows remote FTP servers to discover the Tor client IP address by reading a (1) PORT or (2) EPRT command. NOTE: within wget itself, the automatic fallback is not considered a vulnerability by CVE.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| tails_project:tails | tails project tails | le | 1.6 |
References
git.savannah.gnu.org/cgit/wget.git/commit/?id=075d7556964f5a871a73c22ac4b69f5361295099
www.openwall.com/lists/oss-security/2015/10/01/10
www.securityfocus.com/bid/76678
labs.riseup.net/code/issues/10364
lists.gnu.org/archive/html/bug-wget/2015-08/msg00020.html
mailman.boum.org/pipermail/tails-dev/2015-August/009370.html
mailman.boum.org/pipermail/tails-dev/2015-October/009591.html
tails.boum.org/news/version_1.7/index.en.html
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
74.1%