ID CVE-2004-2478
Summary Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
References
Vulnerable Configurations
  • cpe:2.3:a:ca:unicenter_web_services_distributed_management:-:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:trading_partner_interchange:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:trading_partner_interchange:-:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:trading_partner_interchange:4.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:jetty:jetty_http_server:3.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:jetty:jetty_http_server:3.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:jetty:jetty_http_server:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc4:*:*:*:*:*:*:*
  • cpe:2.3:a:jetty:jetty_http_server:4.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:jetty:jetty_http_server:4.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:jetty:jetty_http_server:4.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:jetty:jetty_http_server:4.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:jetty:jetty_http_server:4.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:jetty:jetty_http_server:4.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:jetty:jetty_http_server:4.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:jetty:jetty_http_server:4.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:jetty:jetty_http_server:4.2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:jetty:jetty_http_server:4.2.15:*:*:*:*:*:*:*
  • cpe:2.3:a:jetty:jetty_http_server:4.2.16:*:*:*:*:*:*:*
  • cpe:2.3:a:jetty:jetty_http_server:4.2.17:*:*:*:*:*:*:*
  • cpe:2.3:a:jetty:jetty_http_server:4.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:jetty:jetty_http_server:4.2.19:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 19-10-2018 - 15:30)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 11330
bugtraq 20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability
fulldisc 20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability
misc http://www-1.ibm.com/support/docview.wss?uid=swg21178665
osvdb 10490
sectrack
  • 1011545
  • 1016975
secunia
  • 12703
  • 22229
vupen ADV-2006-3873
xf trading-partner-gain-access(17600)
Last major update 19-10-2018 - 15:30
Published 31-12-2004 - 05:00
Last modified 19-10-2018 - 15:30