Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE ID: CVE-2004-2478
Last Modified: 06 May 2011 12:00:00
Published: 31 Dec 2004 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2004-2478

Summary

Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.

Vulnerable Systems

Application

  • CA Unicenter Web Services Distributed Management 3.1
  • IBM Trading Partner Interchange 4.2.1
  • IBM Trading Partner Interchange 4.2.2
  • Jetty HTTP Server 3.1.6
  • Jetty HTTP Server 3.1.7
  • Jetty HTTP Server 4.1.0
  • Jetty HTTP Server 4.1.0 RC4
  • Jetty HTTP Server 4.1.1
  • Jetty HTTP Server 4.2.11
  • Jetty HTTP Server 4.2.12
  • Jetty HTTP Server 4.2.14
  • Jetty HTTP Server 4.2.15
  • Jetty HTTP Server 4.2.16
  • Jetty HTTP Server 4.2.17
  • Jetty HTTP Server 4.2.18
  • Jetty HTTP Server 4.2.19
  • Jetty HTTP Server 4.2.4
  • Jetty HTTP Server 4.2.5
  • Jetty HTTP Server 4.2.6
  • Jetty HTTP Server 4.2.7
  • Jetty HTTP Server 4.2.9


References

XF - trading-partner-gain-access(17600)

VUPEN - ADV-2006-3873

BID - 11330

BUGTRAQ - 20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability

OSVDB - 10490

MISC - http://www-1.ibm.com/support/docview.wss?uid=swg21178665

SECTRACK - 1016975

SECTRACK - 1011545

SECUNIA - 22229

SECUNIA - 12703


Last Updated: 27 May 2016 10:39:29