CVE-2004-2594

Exploit

EPSS 0.87%
Published 31.12.2004 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "\/" in a pathname argument, as demonstrated by "download \/server.cfg".

Affected products Warnungen 0 Metrics 2 CWE 0 References 11

Data is provided by the National Vulnerability Database (NVD)

Id Software ≫ Quake Ii Server Windows Version3.20

Id Software ≫ Quake Ii Server Windows Version3.21

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.87%	0.731

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html

Exploit

http://secunia.com/advisories/13013

Vendor Advisory

http://secur1ty.net/advisories/001

Vendor Advisory

Exploit

http://securitytracker.com/id?1011979

Exploit

http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/

http://www.securityfocus.com/bid/11551

http://www.osvdb.org/11183

https://exchange.xforce.ibmcloud.com/vulnerabilities/17892

https://nvd.nist.gov/vuln/detail/CVE-2004-2594

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-2594

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-2594

EUVD