header-logo
Suggest Exploit
vendor:
DB4Web
by:
SecurityFocus
2.6
CVSS
LOW
Remote Port Scanning
N/A
CWE
Product Name: DB4Web
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, and various Unix platforms
2002

DB4Web Remote Port Scanning Vulnerability

By requesting a specially crafted URL, it is possible to initiate a TCP connect from the vulnerable server to a remote IP address and arbitrary port. The server will then produce a debug page, which can be used to determine port status on the scanned host.

Mitigation:

Upgrade to the latest version of DB4Web.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5725/info

DB4Web is an application server that allows read and write access to relational databases and other information sources, via the web. The application is available for Windows, Linux, and various Unix platforms.

By requesting a specially crafted URL, it is possible to initiate a TCP connect from the vulnerable server to a remote IP address and arbitrary port.

The server will then produce a debug page, which can be used to determine port status on the scanned host.

http://127.0.0.1/DB4Web/172.31.93.30:22/foo