CVE-2024-1104 HIGH

CVE-2024-1104: Temporary denial of service during a brute force attack

Vendor Areal Topkapi
Product Webserv2
Weakness CWE-307 · Brute force
Published February 22, 2024
Last update August 14, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

An unauthenticated remote attacker can bypass the brute force prevention mechanism and disturb the webservice for all users.

Key dates

02Disclosure timeline

February 22, 2024 CVE published
August 14, 2024 Record updated