vendor:
DB4Web
by:
SecurityFocus
2.6
CVSS
LOW
Remote Port Scanning
N/A
CWE
Product Name: DB4Web
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, and various Unix platforms
2002
DB4Web Remote Port Scanning Vulnerability
By requesting a specially crafted URL, it is possible to initiate a TCP connect from the vulnerable server to a remote IP address and arbitrary port. The server will then produce a debug page, which can be used to determine port status on the scanned host.
Mitigation:
Upgrade to the latest version of DB4Web.