CVE-2002-1484

CRITICAL

DB4Web - Server-Side Request Forgery via Debug Message Proxy

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1484. PoCs published by Stefan Bagdohn.

AI-analyzed exploit summary: This exploit leverages a URL-based SSRF vulnerability in DB4Web to force the server to initiate a TCP connection to an arbitrary IP and port, which can be used for port scanning or internal network reconnaissance.

Description

DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Stefan Bagdohn · text · remote · multiple
https://www.exploit-db.com/exploits/21801


Classification: Working PoC 90%
Attack Type: SSRF
Complexity: Trivial
Reliability: Reliable
Target: DB4Web (version not specified)
Authentication: No auth needed
Prerequisites: Network access to the vulnerable DB4Web server
Analysis: devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Broken Link, Vendor Advisory mailing-list x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0125.html
Broken Link, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-09/0201.html
Broken Link, Exploit, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/10136.php
Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5725

Scores

CVSS v3: 9.8
EPSS: 0.0741
EPSS Percentile: 92.0%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-918
Status: published
Products (2):
siemens/db4web 3.4
siemens/db4web 3.6
Published: Apr 22, 2003
Tracked Since: Feb 18, 2026