CVE-2002-1484

CRITICAL9.8

DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message

Published Mar 18, 2003

Modified 1 years ago

No fix available

Details

DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message.

References

WEBhttp://archives.neohapsis.com/archives/bugtraq/2002-09/0201.html WEBhttp://archives.neohapsis.com/archives/vulnwatch/2002-q3/0125.html WEBhttp://www.iss.net/security_center/static/10136.php WEBhttp://www.securityfocus.com/bid/5725 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2002-1484

CVSS Analysis

CVSS v3.1

9.8

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

9.8/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Ecosystems

Timeline

PublishedMar 18, 2003

ModifiedAug 8, 2024