CVE-2004-2594

Опубликовано: 31 дек. 2004

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "/" in a pathname argument, as demonstrated by "download /server.cfg".

Ссылки

http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html
Exploit
http://secunia.com/advisories/13013
Vendor Advisory
http://secur1ty.net/advisories/001
Exploit
Vendor Advisory
http://securitytracker.com/id?1011979
Exploit
http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/
http://www.osvdb.org/11183
http://www.securityfocus.com/bid/11551
https://exchange.xforce.ibmcloud.com/vulnerabilities/17892
http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html
Exploit
http://secunia.com/advisories/13013
Vendor Advisory
http://secur1ty.net/advisories/001
Exploit
Vendor Advisory
http://securitytracker.com/id?1011979
Exploit
http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/
http://www.osvdb.org/11183
http://www.securityfocus.com/bid/11551
https://exchange.xforce.ibmcloud.com/vulnerabilities/17892

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:id_software:quake_ii_server_windows:3.20:*:*:*:*:*:*:*

cpe:2.3:a:id_software:quake_ii_server_windows:3.21:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00874

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2004-2594

debian

больше 20 лет назад

Absolute path traversal vulnerability in Quake II server before R1Q2 o ...

GHSA-4839-775x-j3vf

github

больше 3 лет назад

Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "\/" in a pathname argument, as demonstrated by "download \/server.cfg".