CVE-2004-2466
CVE-2004-2466
Vexday Risk Score
60Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 74.7%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
20 Aug 2005Published on NVD
14 Aug 2007Metasploit module available
06 Aug 2010Public PoC
Weaponization speed
1812 daysto first PoC
724 daysto Metasploit module
Recommendation: Plan a near-term fix — a public PoC already exists.
chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possibly due to a buffer overflow. NOTE: it was later reported that 2.2 is also affected.
Affected products
n/a · n/apublic PoCs found — 6
cve_referencepacketstormsecurity.com/files/167892/Easy-Chat-Server-3.1-Buffer-Overflow.htmlunverifiedcve_referencewww.exploit-db.com/exploits/33326unverifiedexploitdbwww.exploit-db.com/exploits/50999unverifiedexploitdbwww.exploit-db.com/exploits/16772unverifiedexploitdbwww.exploit-db.com/exploits/33326unverifiedcve_referencewww.exploit-db.com/exploits/4289unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://archives.neohapsis.com/archives/bugtraq/2004-07/0013.htmlhttp://archives.neohapsis.com/archives/fulldisclosure/2004-07/0077.htmlhttp://packetstormsecurity.com/files/167892/Easy-Chat-Server-3.1-Buffer-Overflow.htmlhttp://secunia.com/advisories/12006http://secunia.com/advisories/26461http://secunia.com/advisories/58427https://exchange.xforce.ibmcloud.com/vulnerabilities/16629https://exchange.xforce.ibmcloud.com/vulnerabilities/36013https://www.exploit-db.com/exploits/4289http://www.autistici.org/fdonato/advisory/EasyChatServer1.2-adv.txthttp://www.exploit-db.com/exploits/33326http://www.osvdb.org/7416