CVE-1999-1289
First published: Wed Nov 11 1998(Updated: )
ICQ 98 beta on Windows NT leaks the internal IP address of a client in the TCP data segment of an ICQ packet instead of the public address (e.g. through NAT), which provides remote attackers with potentially sensitive information about the client or the internal network configuration.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CenterICQ | =98_beta |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-1999-1289?
CVE-1999-1289 is considered a medium severity vulnerability due to the exposure of potentially sensitive internal IP information.
How do I fix CVE-1999-1289?
To mitigate CVE-1999-1289, upgrade to a secure version of ICQ that does not leak internal IP addresses.
What types of information are exposed in CVE-1999-1289?
CVE-1999-1289 leaks the internal IP address of a client, potentially revealing details about the client's network configuration.
Who is affected by CVE-1999-1289?
Users running ICQ 98 beta on Windows NT are directly affected by CVE-1999-1289.
Can CVE-1999-1289 be exploited remotely?
Yes, CVE-1999-1289 can be exploited by remote attackers who can analyze the leaked TCP data segments.
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/description
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/nvd-index
- vendor/mirabilis
- canonical/centericq
- version/centericq/98_beta