Lucene search

[email protected]CVE-2004-2079

HistoryMay 19, 2005 - 4:00 a.m.

CVE-2004-2079

2005-05-1904:00:00

[email protected]

web.nvd.nist.gov

red-m red-alert

authentication bypass

cve-2004-2079

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.5%

JSON

Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication to IP addresses, which allows remote attackers to bypass authentication by connecting from the same IP address as an active authenticated user.

Affected configurations

NVD

Node

red-mred-alertMatch2.7.5_v3.1_build_24

CPENameOperatorVersion
red-m:red-alertred-m red-alerteq2.7.5_v3.1_build_24

CPE	Name	Operator	Version
red-m:red-alert	red-m red-alert	eq	2.7.5_v3.1_build_24

References

genhex.org/releases/031003.txt

marc.info/?l=full-disclosure&m=107635119005407&w=2

securitytracker.com/id?1009001

www.osvdb.org/3952

www.securiteam.com/securitynews/5SP0C0KC0A.html

www.securityfocus.com/archive/1/353211

www.securityfocus.com/bid/9618

exchange.xforce.ibmcloud.com/vulnerabilities/15088

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.5%

JSON

Related for CVE-2004-2079

cvelist1 nvd1