CVE-2002-1484

Published: 22/04/2003 Updated: 08/02/2024
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

DB4Web server, when configured to use verbose debug messages, allows remote malicious users to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message.

Vulnerable Product

siemens db4web 3.6

siemens db4web 3.4

Exploits

source: www.securityfocus.com/bid/5725/info

DB4Web is an application server that allows read and write access to relational databases and other information sources, via the web. The application is available for Windows, Linux, and various Unix platforms. By requesting a specially crafted URL, it is possible to initiate a TCP connect from t ...

Github Repositories

Go package of CWE IDs and metadata

cwe

Go package of CWE IDs and metadata. The list is generated from a CSV from the Comprehensive CWE Dictionary.

Example

Here's CWE-918: "CWE-918": { Name: "Server-Side Request Forgery (SSRF)", WeaknessAbstraction: "Base", Status: "Incomplete", Description: "The web server receives