CVE-2015-7665

Tails before 1.7 includes the wget program but does not prevent automatic fallback from passive FTP to active FTP, which allows remote FTP servers to discover the Tor client IP address by reading a (1) PORT or (2) EPRT command.  NOTE: within wget itself, the automatic fallback is not considered a vulnerability by CVE.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
tails_projecttails
𝑥
≤ 1.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=075d7556964f5a871a73c22ac4b69f5361295099
http://www.openwall.com/lists/oss-security/2015/10/01/10
http://www.securityfocus.com/bid/76678
https://labs.riseup.net/code/issues/10364
https://lists.gnu.org/archive/html/bug-wget/2015-08/msg00020.html
https://mailman.boum.org/pipermail/tails-dev/2015-August/009370.html
https://mailman.boum.org/pipermail/tails-dev/2015-October/009591.html
https://tails.boum.org/news/version_1.7/index.en.html
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=075d7556964f5a871a73c22ac4b69f5361295099
http://www.openwall.com/lists/oss-security/2015/10/01/10
http://www.securityfocus.com/bid/76678
https://labs.riseup.net/code/issues/10364
https://lists.gnu.org/archive/html/bug-wget/2015-08/msg00020.html
https://mailman.boum.org/pipermail/tails-dev/2015-August/009370.html
https://mailman.boum.org/pipermail/tails-dev/2015-October/009591.html
https://tails.boum.org/news/version_1.7/index.en.html