Required CVE Record Information
Description
Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server's ability to find the client's IP address.
References 8 Total
- http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/
- securitytracker.com: 1011979 vdb-entry
- securityfocus.com: 11551 vdb-entry
- osvdb.org: 11186 vdb-entry
- secunia.com: 13013 third-party-advisory
- http://secur1ty.net/advisories/001
- exchange.xforce.ibmcloud.com: quake-ip-spoofing(17895) vdb-entry
- archives.neohapsis.com: 20041027 Multiple Vulnerabilites in Quake II Server mailing-list
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 8 Total
- http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/ x_transferred
- securitytracker.com: 1011979 vdb-entryx_transferred
- securityfocus.com: 11551 vdb-entryx_transferred
- osvdb.org: 11186 vdb-entryx_transferred
- secunia.com: 13013 third-party-advisoryx_transferred
- http://secur1ty.net/advisories/001 x_transferred
- exchange.xforce.ibmcloud.com: quake-ip-spoofing(17895) vdb-entryx_transferred
- archives.neohapsis.com: 20041027 Multiple Vulnerabilites in Quake II Server mailing-listx_transferred