Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2597


Vulnerability Score 5.0 5.0
CVE Id CVE-2004-2597
Last Modified 05 Sep 2008 04:44:35
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server's ability to find the client's IP address.

Vulnerable Systems


  • Id Software Quake Ii Server 3.20

  • Id Software Quake Ii Server 3.21


XF - quake-ip-spoofing(17895)

BID - 11551

OSVDB - 11186


SECTRACK - 1011979


SECUNIA - 13013

BUGTRAQ - 20041027 Multiple Vulnerabilites in Quake II Server

Last Updated: 27 May 2016 10:39:33