CVE-2004-2478

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2004-2478
Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html
http://secunia.com/advisories/12703 Vendor Advisory
http://secunia.com/advisories/22229 Vendor Advisory
http://securitytracker.com/id?1011545
http://securitytracker.com/id?1016975
http://www-1.ibm.com/support/docview.wss?uid=swg21178665 Vendor Advisory
http://www.osvdb.org/10490
http://www.securityfocus.com/archive/1/447648/100/0/threaded
http://www.securityfocus.com/bid/11330
http://www.vupen.com/english/advisories/2006/3873 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17600
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ca:unicenter_web_services_distributed_management:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:trading_partner_interchange:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:trading_partner_interchange:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:3.1.6:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:3.1.7:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc4:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.2.5:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.2.6:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.2.7:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.2.9:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.2.11:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.2.12:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.2.14:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.2.15:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.2.16:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.2.17:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.2.18:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.2.19:*:*:*:*:*:*:*
History

No history.

Information

Published : 2004-12-31 05:00

Updated : 2023-12-10 10:28

NVD link : CVE-2004-2478

Mitre link : CVE-2004-2478

CVE.ORG link : CVE-2004-2478

JSON object : View

Products Affected

ca

  • unicenter_web_services_distributed_management

jetty

  • jetty_http_server

ibm

  • trading_partner_interchange
CWE
NVD-CWE-noinfo