| Vulnerability Name: | CVE-1999-1289 (CCN-1398) | ||||||||
| Assigned: | 1998-11-11 | ||||||||
| Published: | 1998-11-11 | ||||||||
| Updated: | 2017-12-19 | ||||||||
| Summary: | ICQ 98 beta on Windows NT leaks the internal IP address of a client in the TCP data segment of an ICQ packet instead of the public address (e.g. through NAT), which provides remote attackers with potentially sensitive information about the client or the internal network configuration. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, 11 Nov 1998 18:16:40 WARNING: Another ICQ IP address vulnerability Source: CCN Type: Black Sun Research Facility Web site The ICQ Security Tutorial Source: MITRE Type: CNA CVE-1999-1289 Source: CCN Type: Insecure.org ICQ Spoofing Source: CCN Type: OSVDB ID: 7964 ICQ Internal IP Address Disclosure Source: BUGTRAQ Type: Vendor Advisory 19981111 WARNING: Another ICQ IP address vulnerability Source: XF Type: UNKNOWN icq-ip-info(1398) Source: XF Type: UNKNOWN icq-ip-info(1398) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||