Critical severity9.8NVD Advisory· Published Apr 22, 2003· Updated Apr 16, 2026

CVE-2002-1484

Description

DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message.

Affected products

Siemens Foundation/Db4web2 versions
cpe:2.3:a:siemens:db4web:3.4:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:siemens:db4web:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:db4web:3.6:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.iss.net/security_center/static/10136.phpnvdBroken LinkExploitVendor Advisory
www.securityfocus.com/bid/5725nvdBroken LinkExploitPatchThird Party AdvisoryVDB EntryVendor Advisory
archives.neohapsis.com/archives/bugtraq/2002-09/0201.htmlnvdBroken LinkVendor Advisory
archives.neohapsis.com/archives/vulnwatch/2002-q3/0125.htmlnvdBroken LinkVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.006
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000