CVE-2004-2478

Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www-1.ibm.com/support/docview.wss?uid=swg21178665	Vendor Advisory
http://www.securityfocus.com/bid/11330
http://www.osvdb.org/10490
http://securitytracker.com/id?1011545
http://secunia.com/advisories/12703	Vendor Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html
http://securitytracker.com/id?1016975
http://secunia.com/advisories/22229	Vendor Advisory
http://www.vupen.com/english/advisories/2006/3873	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17600
http://www.securityfocus.com/archive/1/447648/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:trading_partner_interchange:4.2.1:::::::*
	cpe:2.3:a:jetty:jetty_http_server:4.2.14:::::::*
	cpe:2.3:a:jetty:jetty_http_server:4.2.15:::::::*
	cpe:2.3:a:jetty:jetty_http_server:4.2.6:::::::*
	cpe:2.3:a:jetty:jetty_http_server:4.2.7:::::::*
	cpe:2.3:a:jetty:jetty_http_server:4.2.11:::::::*
	cpe:2.3:a:jetty:jetty_http_server:4.2.12:::::::*
	cpe:2.3:a:jetty:jetty_http_server:4.2.4:::::::*
	cpe:2.3:a:jetty:jetty_http_server:4.2.5:::::::*
	cpe:2.3:a:jetty:jetty_http_server:3.1.6:::::::*
	cpe:2.3:a:jetty:jetty_http_server:3.1.7:::::::*
	cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc4:::::::*
	cpe:2.3:a:jetty:jetty_http_server:4.2.18:::::::*
	cpe:2.3:a:jetty:jetty_http_server:4.2.19:::::::*
	cpe:2.3:a:jetty:jetty_http_server:4.2.16:::::::*
	cpe:2.3:a:jetty:jetty_http_server:4.1.0:::::::*
	cpe:2.3:a:ibm:trading_partner_interchange::::::::
	cpe:2.3:a:ca:unicenter_web_services_distributed_management::::::::
	cpe:2.3:a:jetty:jetty_http_server:4.2.9:::::::*
	cpe:2.3:a:jetty:jetty_http_server:4.1.1:::::::*
	cpe:2.3:a:jetty:jetty_http_server:4.2.17:::::::*

Information

Published : 2004-12-30 21:00

Updated : 2018-10-19 08:30

NVD link : CVE-2004-2478

Mitre link : CVE-2004-2478

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

jetty

jetty_http_server

unicenter_web_services_distributed_management

ibm

trading_partner_interchange

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665", "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/11330", "name": "11330", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/10490", "name": "10490", "tags": [], "refsource": "OSVDB"}, {"url": "http://securitytracker.com/id?1011545", "name": "1011545", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/12703", "name": "12703", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html", "name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability", "tags": [], "refsource": "FULLDISC"}, {"url": "http://securitytracker.com/id?1016975", "name": "1016975", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/22229", "name": "22229", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2006/3873", "name": "ADV-2006-3873", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600", "name": "trading-partner-gain-access(17600)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded", "name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-2478", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2004-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:trading_partner_interchange:4.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.2.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.2.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.2.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.2.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.2.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.2.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:3.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:3.1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.2.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.2.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.2.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:trading_partner_interchange:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.2.2"}, {"cpe23Uri": "cpe:2.3:a:ca:unicenter_web_services_distributed_management:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.1"}, {"cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.2.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.2.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-19T15:30Z"}

7.5 /10