GEN:SID 1:2060
Message WEB-MISC DB4Web access
Summary This event is generated when an attempt is made to exploit a known
vulnerability in DB4Web.
Impact Information disclosure
Detailed Information DB4Web is an application server used to access various sources of data
via a web interface.

DB4Web does not handle the characters ":" and "\" correctly when they
are URL encoded. An attacker can use this flaw to gain access to
sensitive system information.

Also the application does not correctly handle the use of extra "/" in a
URI.

It is also possible for the attacker to open arbitrary TCP connections
using DB4Web and may be able to use it for portscanning other hosts.
Affected Systems  
Attack Scenarios The attacker merely needs to make a normal HTTP request with the
characters ":" or "\" encoded (%3A%5C) followed by the commands the
attacker wishes to run.

The attacker can also make a request like
http://www.foo.com/cgi-bin/db4web_c/dbdirname//etc/passwd to view the
contents of the password file.
Ease of Attack Simple
Corrective Action Disable access to DB4Web from external sources.

Apply the appropriate vendor patches.

Run the webserver in a chroot environment to mitigate the risks of
disclosure.
Additional References DB4Web
http://www.db4web.de/DB4Web/home/DB4Web/hotfix_e.html
Rule References nessus: 11180