CVE-2002-1484 - Server-Side Request Forgery (SSRF) vulnerability in Siemens Db4Web 3.4/3.6
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | DB4Web 3.4/3.6 Connection Proxy Vulnerability. CVE-2002-1484. Remote exploits for multiple platform |
id | EDB-ID:21801 |
last seen | 2016-02-02 |
modified | 2002-09-17 |
published | 2002-09-17 |
reporter | Stefan Bagdohn |
source | https://www.exploit-db.com/download/21801/ |
title | DB4Web 3.4/3.6 Connection Proxy Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | DB4WEB_TCP_RELAY.NASL |
description | The DB4Web debug page allows anybody to scan other machines. This could allow a remote attacker to learn more about the internal network layout, which could be used to mount further attacks. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11180 |
published | 2002-12-02 |
reporter | This script is Copyright (C) 2002-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/11180 |
title | DB4Web Server Debug Mode TCP Port Scanning Proxy |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-09/0201.html
- http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0125.html
- http://www.iss.net/security_center/static/10136.php
- http://www.securityfocus.com/bid/5725