Vulnerability Description
The addUser function in UserManager.java in Free Web Chat 2.0 allows remote attackers to cause a denial of service (uncaught NullPointerException) via unknown attack vectors that cause the usrName variable to be null.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Reid Garner | Free Web Chat | initial_release |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0102.htmlExploitPatch
- http://marc.info/?l=bugtraq&m=109164397601049&w=2
- http://securitytracker.com/alerts/2004/Aug/1010851.htmlExploitPatch
- http://www.osvdb.org/8369
- http://www.securityfocus.com/bid/10863Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16893
- http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0102.htmlExploitPatch
- http://marc.info/?l=bugtraq&m=109164397601049&w=2
- http://securitytracker.com/alerts/2004/Aug/1010851.htmlExploitPatch
- http://www.osvdb.org/8369
- http://www.securityfocus.com/bid/10863Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16893
FAQ
What is CVE-2004-2646?
CVE-2004-2646 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The addUser function in UserManager.java in Free Web Chat 2.0 allows remote attackers to cause a denial of service (uncaught NullPointerException) via unknown attack vectors that cause the usrName var...
How severe is CVE-2004-2646?
CVE-2004-2646 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2646?
Check the references section above for vendor advisories and patch information. Affected products include: Reid Garner Free Web Chat.