CVE-2004-2597
published 2004-12-31

Priority: P4 21
Severity: medium, 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS: 1.65% (73.5th percentile)

Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server's ability to find the client's IP address.

Affected

2 ranges

Vendor | Product | Version range | Fixed in
id_software | quake_ii_server | |
id_software | quake_ii_server | |