Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:PKG:DB4WEB-FILE-ACCESS-WIN

Severity

 Medium

Recommended

 No

Category

 HTTP

Release Date

 2003/04/22

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+

HTTP: DB4Web Arbitrary File Disclosure (Windows)


The DB4Web server contains a known vulnerability that allows an attacker to download arbitrary files on the victim host through a Web browser. This can result in the attacker gaining sensitive system information such as passwords. This vulnerability is present in DB4Web (R) Application Server for Windows.

Extended Description

DB4Web is an application server that allows read and write access to relational databases and other information sources, via the web. The application is available for Windows, Linux, and various Unix platforms. A directory traversal bug exists in DB4Web. By passing a maliciously crafted query to the application, an attacker can potentially gain access to arbitrary system files. This is due to the application insufficiently validating the user supplied input.

Affected Products

  • DB4Web 3.4.0
  • DB4Web 3.6.0

References

  • BugTraq: 5723
  • CVE: CVE-2002-1483
  • URL: http://www.db4web.de/DB4Web/home/DB4Web/hotfix_e.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy & Policy
Legal Notices
Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out