CVE-2004-2597

2004-12-31T05:00:00
ID CVE-2004-2597
Type cve
Reporter cve@mitre.org
Modified 2017-07-11T01:32:00

Description

Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server's ability to find the client's IP address.