PT-2004-2537 · Open Workflow Engine · Openwfe

Jose Antonio Coret

Published

2004-10-25

Updated

2017-07-11

CVE-2004-1631

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Open WorkFlow Engine (OpenWFE) versions 1.4.x

Description The issue allows remote attackers to conduct port scans of remote hosts. This is achieved by specifying the target in an "rmi:// Worklist URL", then using the response times to infer the results.

Recommendations For OpenWFE versions 1.4.x, consider restricting access to the rmi:// Worklist URL to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-1631

Affected Products

Openwfe

PT-2004-2537 · Open Workflow Engine · Openwfe

CVE-2004-1631

Related Identifiers

Affected Products

References · 5