DB4Web server, when configured to use verbose debug messages, allows remote malicious users to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
siemens db4web 3.6 |
||
siemens db4web 3.4 |