PT-2004-2537 · Open Workflow Engine · Openwfe

Jose Antonio Coret

Publicado

2004-10-25

Atualizado

2017-07-11

CVE-2004-1631

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Open WorkFlow Engine (OpenWFE) versions 1.4.x

Description The issue allows remote attackers to conduct port scans of remote hosts. This is achieved by specifying the target in an "rmi:// Worklist URL", then using the response times to infer the results.

Recommendations For OpenWFE versions 1.4.x, consider restricting access to the rmi:// Worklist URL to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2004-1631

Produtos afetados

Openwfe

PT-2004-2537 · Open Workflow Engine · Openwfe

CVE-2004-1631

Identificadores relacionados

Produtos afetados

Referências · 5