CVE-2004-2646

Free Web Chat 2.0 - Denial of Service via Null usrName Variable

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2646. PoCs published by Donato Ferrante.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service vulnerability in Free Web Chat server by sending a malformed username, causing a NullPointerException. It establishes a TCP connection to the target server and sends crafted data to trigger the crash.

Description

The addUser function in UserManager.java in Free Web Chat 2.0 allows remote attackers to cause a denial of service (uncaught NullPointerException) via unknown attack vectors that cause the usrName variable to be null.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Donato Ferrante · cdosmultiple

https://www.exploit-db.com/exploits/24351

View Code ZIP pw:eip

This exploit demonstrates a denial-of-service vulnerability in Free Web Chat server by sending a malformed username, causing a NullPointerException. It establishes a TCP connection to the target server and sends crafted data to trigger the crash.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Free Web Chat (Initial Release)

No auth needed

Prerequisites: Network access to the target server · Target server running Free Web Chat (Initial Release)

MITRE ATT&CK