VDB
CVE-2002-0770
CVE-2002-0770
PUBLISHED
CVSS 5 MEDIUM
Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the information, as demonstrated using "say $rcon_password."
EPSS 5.18% · 90.1th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
5.18%
90.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| id_software | quake_2i_server | 3.20, 3.21 |
| n/a | n/a | n/a |
Timeline
- Jul 26, 2002 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- quake2-unexpanded-var-disclosure(9095) vdb
- 20020514 Remote quake 2 3.2x server cvar leak mailing-list
- VU#970915 third-party-advisory
- 11187 vdb
- http://www.quakesrc.org/forum/topicDisplay.php?topicID=160 url
- 4744 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2002-0770 advisory