DB4Web 3.4/3.6 - Connection Proxy

Author: Stefan Bagdohn
type: remote
platform: multiple
date_added: 2002-09-17  
date_updated: 2012-10-08  
verified: 1  
codes: CVE-2002-1484;OSVDB-14485  

raw file: 21801.txt  
source: https://www.securityfocus.com/bid/5725/info

DB4Web is an application server that allows read and write access to relational databases and other information sources, via the web. The application is available for Windows, Linux, and various Unix platforms.

By requesting a specially crafted URL, it is possible to initiate a TCP connection from the vulnerable server to a remote IP address and arbitrary port.

The server will then produce a debug page, which can be used to determine port status on the scanned host.

http://127.0.0.1/DB4Web/172.31.93.30:22/foo
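
A log check for the request shape shown above, as an added example that is not part of the original advisory: it scans web server access logs for `/DB4Web/<host>:<port>/` requests and groups the targets by client, so a client walking through several ports stands out. The Common Log Format input, the sample log lines, the function names and the `min_targets` threshold are assumptions, as is the premise that ordinary application URLs do not carry a `host:port` segment in that position.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Client address and request target from a Common Log Format line (assumed format).
LOG_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (?P<target>\S+)[^"]*"')
# First path segment after /DB4Web/ shaped like host:port, as in the sample URL.
PROXY_RE = re.compile(r'^/DB4Web/(?P<host>[A-Za-z0-9.-]+):(?P<port>\d{1,5})(?:/|$)', re.I)

# Constructed sample log lines; client addresses are from documentation ranges.
SAMPLE_LOG = [
    '198.51.100.7 - - [17/Sep/2002:10:00:01 +0000] "GET /DB4Web/172.31.93.30:22/foo HTTP/1.0" 200 512',
    '198.51.100.7 - - [17/Sep/2002:10:00:02 +0000] "GET /DB4Web/172.31.93.30:23/foo HTTP/1.0" 200 498',
    '198.51.100.7 - - [17/Sep/2002:10:00:03 +0000] "GET /DB4Web/172.31.93.30%3A80/foo HTTP/1.0" 200 530',
    '192.0.2.44 - - [17/Sep/2002:10:01:10 +0000] "GET /DB4Web/shop/catalog?id=7 HTTP/1.0" 200 2048',
    '192.0.2.91 - - [17/Sep/2002:10:02:30 +0000] "GET /DB4Web/172.31.93.30:22/foo HTTP/1.0" 200 512',
]

def find_proxy_requests(lines):
    """Return {client: {(host, port), ...}} for requests matching the URL shape."""
    hits = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        # Drop the query string, then decode so an encoded colon (%3A) is still seen.
        path = unquote(m.group("target").split("?", 1)[0])
        p = PROXY_RE.match(path)
        if p and 0 < int(p.group("port")) <= 65535:
            hits[m.group("client")].add((p.group("host").lower(), int(p.group("port"))))
    return dict(hits)

def likely_scanners(hits, min_targets=3):
    """Clients that requested at least min_targets distinct host:port pairs."""
    return sorted(c for c, targets in hits.items() if len(targets) >= min_targets)

if __name__ == "__main__":
    found = find_proxy_requests(SAMPLE_LOG)
    for client in likely_scanners(found):
        print(client, sorted(found[client]))
```
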