← Back

CVE-2002-1484

nvd nist
Published: Apr 22, 2003Modified: Apr 16, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message.

Affected (2)

Products: Siemens: Db4web
Siemens
1 product
Db4web
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Siemens
Db4web
Version 3.4
Db4web
Version 3.6

Related CWEs

CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (8)

Source: cve@mitre.org
Broken LinkVendor Advisory
Source: cve@mitre.org
Broken LinkVendor Advisory
Source: cve@mitre.org
Broken LinkExploitVendor Advisory
Source: cve@mitre.org
Broken LinkExploitPatchThird Party AdvisoryVDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkExploitVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkExploitPatchThird Party AdvisoryVDB EntryVendor Advisory

Timeline

No history available yet.