Vulnerabilities > CVE-2004-1631 - Remote Cross-Site Scripting And Connection Proxy vulnerability in OpenWFE

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

openwfe

NVD

Published: 2004-10-25

Updated: 2017-07-11

Summary

Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to conduct port scans of remote hosts by specifying the target in an rmi:// Worklist URL, then using the response times to infer the results.

Vulnerable Configurations

Part	Description	Count
Application	Openwfe Openwfe Work Flow Engine 1.4 Openwfe Work Flow Engine 1.4.1 Openwfe Work Flow Engine 1.4.2 Openwfe Work Flow Engine 1.4.3 Openwfe Work Flow Engine 1.4.4 Openwfe Work Flow Engine 1.4.5	6

References

http://marc.info/?l=bugtraq&m=109876304705234&w=2
http://secunia.com/advisories/12970
http://www.securityfocus.com/bid/11514
https://exchange.xforce.ibmcloud.com/vulnerabilities/17852