Lucene search

K
cve[email protected]CVE-2008-6737
HistoryApr 21, 2009 - 6:30 p.m.

CVE-2008-6737

2009-04-2118:30:00
CWE-200
web.nvd.nist.gov
19
crysis
1.21
cve-2008-6737
sensitive information
player
remote attack

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.03 Low

EPSS

Percentile

91.0%

Crysis 1.21 and earlier allows remote attackers to obtain sensitive player information such as real IP addresses by sending a keyexchange packet without a previous join packet, which causes Crysis to send a disconnect packet that includes unrelated log information.

Affected configurations

NVD
Node
eacrysisRange1.21
OR
eacrysisMatch1.1
OR
eacrysisMatch1.2

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.03 Low

EPSS

Percentile

91.0%

Related for CVE-2008-6737