Vulnerability Description
Chat Anywhere 2.72 and earlier allows remote attackers to hide their IP address by using %00 before the nickname, which causes the IP address to be displayed as $IP$ on the administration web page.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lionmax Software | Chat Anywhere | <= 2.72 |
References
- http://aluigi.altervista.org/adv/chatany-ghost-adv.txtExploit
- http://marc.info/?l=bugtraq&m=107885946220895&w=2
- http://www.lionmax.com/chatanywhere.htmPatch
- http://www.securityfocus.com/bid/9823Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15416
- http://aluigi.altervista.org/adv/chatany-ghost-adv.txtExploit
- http://marc.info/?l=bugtraq&m=107885946220895&w=2
- http://www.lionmax.com/chatanywhere.htmPatch
- http://www.securityfocus.com/bid/9823Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15416
FAQ
What is CVE-2004-1802?
CVE-2004-1802 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Chat Anywhere 2.72 and earlier allows remote attackers to hide their IP address by using %00 before the nickname, which causes the IP address to be displayed as $IP$ on the administration web page.
How severe is CVE-2004-1802?
CVE-2004-1802 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1802?
Check the references section above for vendor advisories and patch information. Affected products include: Lionmax Software Chat Anywhere.