Vulnerabilities > CVE-2002-0770 - Remote Information Disclosure vulnerability in id Software Quake II Server 3.20/3.21
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the information, as demonstrated using "say $rcon_password."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | id Software Quake II Server 3.20/3.21 Remote Information Disclosure Vulnerability. CVE-2002-0770. Remote exploits for multiple platform |
| id | EDB-ID:21450 |
| last seen | 2016-02-02 |
| modified | 2002-05-15 |
| published | 2002-05-15 |
| reporter | Redix |
| source | https://www.exploit-db.com/download/21450/ |
| title | id Software Quake II Server 3.20/3.21 - Remote Information Disclosure Vulnerability |