Quake II Server IP Bypass Vulnerability

Quake II Server IP Bypass Vulnerability

CVE-2004-2597 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server's ability to find the client's IP address.

Learn more about our Cis Benchmark Audit For Server Software.