Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1484


Vulnerability Score 7.5 7.5
CVE Id CVE-2002-1484
Last Modified 05 Sep 2008 04:30:43
Published 22 Apr 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message.

Vulnerable Systems


  • Db4web 3.4

  • Db4web 3.6


BID - 5725

XF - db4web-tcp-portscan(10136)

VULNWATCH - 20020919 Advisory: TCP-Connection risk in DB4Web

BUGTRAQ - 20020917 Advisory: TCP-Connection risk in DB4Web

Last Updated: 27 May 2016 10:37:21