CVE-2004-2724

LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server crash and client CPU consumption) via a username beginning with percent (%) followed by a null character.

Published: Dec 31, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-2724
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.1
AV:N/AC:M/Au:N/C:N/I:N/A:C

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
lionmax_software / chat_anywhere	2.72a	2.72a.x

http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1183.html
http://secunia.com/advisories/12398
http://securitytracker.com/id?1011080
http://www.autistici.org/fdonato/advisory/ChatAnywhere2.72a-adv.txt
http://www.osvdb.org/9275
https://exchange.xforce.ibmcloud.com/vulnerabilities/17148

Vulnerability Database

290,273

CVE-2004-2724