Vulnerability Details CVE-2008-6737
Crysis 1.21 and earlier allows remote attackers to obtain sensitive player information such as real IP addresses by sending a keyexchange packet without a previous join packet, which causes Crysis to send a disconnect packet that includes unrelated log information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.027
EPSS Ranking 85.4%
CVSS Severity
CVSS v2 Score 7.8
References
- http://aluigi.altervista.org/adv/crysislog-adv.txt
- http://osvdb.org/46260
- http://secunia.com/advisories/30706
- http://www.securityfocus.com/bid/29720
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43087
- http://aluigi.altervista.org/adv/crysislog-adv.txt
- http://osvdb.org/46260
- http://secunia.com/advisories/30706
- http://www.securityfocus.com/bid/29720
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43087