CVE-2004-2478

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2004-2478
Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://www-1.ibm.com/support/docview.wss?uid=swg21178665 Vendor Advisory
http://www.securityfocus.com/bid/11330
http://www.osvdb.org/10490
http://securitytracker.com/id?1011545
http://secunia.com/advisories/12703 Vendor Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html
http://securitytracker.com/id?1016975
http://secunia.com/advisories/22229 Vendor Advisory
http://www.vupen.com/english/advisories/2006/3873 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17600
http://www.securityfocus.com/archive/1/447648/100/0/threaded
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:trading_partner_interchange:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.2.14:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.2.15:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.2.6:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.2.7:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.2.11:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.2.12:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.2.5:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:3.1.6:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:3.1.7:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc4:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.2.18:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.2.19:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.2.16:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:trading_partner_interchange:*:*:*:*:*:*:*:*
cpe:2.3:a:ca:unicenter_web_services_distributed_management:*:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.2.9:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:4.2.17:*:*:*:*:*:*:*
Information

Published : 2004-12-30 21:00

Updated : 2018-10-19 08:30

NVD link : CVE-2004-2478

Mitre link : CVE-2004-2478

JSON object : View

CWE
NVD-CWE-noinfo
Advertisement

dedicated server usa
Products Affected

jetty

  • jetty_http_server

ca

  • unicenter_web_services_distributed_management

ibm

  • trading_partner_interchange