Detections
Analytics

DB4Web Server Debug Mode TCP Port Scanning Proxy

medium Nessus Plugin ID 11180

Synopsis

An application running on the remote host has an information disclosure vulnerability.

Description

The DB4Web debug page allows anybody to scan other machines.
This could allow a remote attacker to learn more about the internal network layout, which could be used to mount further attacks.

Solution

Replace the debug page with a non-verbose error page.

See Also

http://www.nessus.org/u?29b846de

Plugin Details

Severity: Medium

ID: 11180

File Name: db4web_tcp_relay.nasl

Version: 1.16

Type: remote

Family: CGI abuses

Published: 12/2/2002

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 9/17/2002

Reference Information

CVE: CVE-2002-1484

BID: 5725

Secunia: 7119