Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Unicenter_web_services_distributed_management | Ca | * | 3.1 (including) |
| Trading_partner_interchange | Ibm | * | 4.2.2 (including) |
| Trading_partner_interchange | Ibm | 4.2.1 (including) | 4.2.1 (including) |
| Jetty_http_server | Jetty | 3.1.6 (including) | 3.1.6 (including) |
| Jetty_http_server | Jetty | 3.1.7 (including) | 3.1.7 (including) |
| Jetty_http_server | Jetty | 4.1.0 (including) | 4.1.0 (including) |
| Jetty_http_server | Jetty | 4.1.0_rc4 (including) | 4.1.0_rc4 (including) |
| Jetty_http_server | Jetty | 4.1.1 (including) | 4.1.1 (including) |
| Jetty_http_server | Jetty | 4.2.4 (including) | 4.2.4 (including) |
| Jetty_http_server | Jetty | 4.2.5 (including) | 4.2.5 (including) |
| Jetty_http_server | Jetty | 4.2.6 (including) | 4.2.6 (including) |
| Jetty_http_server | Jetty | 4.2.7 (including) | 4.2.7 (including) |
| Jetty_http_server | Jetty | 4.2.9 (including) | 4.2.9 (including) |
| Jetty_http_server | Jetty | 4.2.11 (including) | 4.2.11 (including) |
| Jetty_http_server | Jetty | 4.2.12 (including) | 4.2.12 (including) |
| Jetty_http_server | Jetty | 4.2.14 (including) | 4.2.14 (including) |
| Jetty_http_server | Jetty | 4.2.15 (including) | 4.2.15 (including) |
| Jetty_http_server | Jetty | 4.2.16 (including) | 4.2.16 (including) |
| Jetty_http_server | Jetty | 4.2.17 (including) | 4.2.17 (including) |
| Jetty_http_server | Jetty | 4.2.18 (including) | 4.2.18 (including) |
| Jetty_http_server | Jetty | 4.2.19 (including) | 4.2.19 (including) |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html
- http://secunia.com/advisories/12703
- http://secunia.com/advisories/22229
- http://securitytracker.com/id?1011545
- http://securitytracker.com/id?1016975
- http://www-1.ibm.com/support/docview.wss?uid=swg21178665
- http://www.osvdb.org/10490
- http://www.securityfocus.com/archive/1/447648/100/0/threaded
- http://www.securityfocus.com/bid/11330
- http://www.vupen.com/english/advisories/2006/3873
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17600
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html
- http://secunia.com/advisories/12703
- http://secunia.com/advisories/22229
- http://securitytracker.com/id?1011545
- http://securitytracker.com/id?1016975
- http://www-1.ibm.com/support/docview.wss?uid=swg21178665
- http://www.osvdb.org/10490
- http://www.securityfocus.com/archive/1/447648/100/0/threaded
- http://www.securityfocus.com/bid/11330
- http://www.vupen.com/english/advisories/2006/3873
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17600