PT-2004-3536 · Unknown · Free Web Chat
Donato Ferrante
·
Published
2004-12-31
·
Updated
2017-07-20
·
CVE-2004-2646
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Free Web Chat version 2.0
Description
The issue concerns the
addUser function in UserManager.java, which can be exploited by remote attackers to cause a denial of service. This is achieved by causing the usrName variable to be null, although the specific attack vectors are not detailed.Recommendations
For Free Web Chat version 2.0, consider adding a null check for the
usrName variable in the addUser function to prevent the NullPointerException and subsequent denial of service.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Free Web Chat