Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a / in a pathname argument, as demonstrated by download /server.cfg.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Quake_ii_server_windows | Id_software | 3.20 (including) | 3.20 (including) |
Quake_ii_server_windows | Id_software | 3.21 (including) | 3.21 (including) |