CVE Vulnerabilities

CVE-2004-2478

Published: Dec 31, 2004 | Modified: Oct 19, 2018
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Unicenter_web_services_distributed_management | Ca | * | 3.1 (including) |
| Trading_partner_interchange | Ibm | * | 4.2.2 (including) |
| Trading_partner_interchange | Ibm | 4.2.1 (including) | 4.2.1 (including) |
| Jetty_http_server | Jetty | 3.1.6 (including) | 3.1.6 (including) |
| Jetty_http_server | Jetty | 3.1.7 (including) | 3.1.7 (including) |
| Jetty_http_server | Jetty | 4.1.0 (including) | 4.1.0 (including) |
| Jetty_http_server | Jetty | 4.1.0_rc4 (including) | 4.1.0_rc4 (including) |
| Jetty_http_server | Jetty | 4.1.1 (including) | 4.1.1 (including) |
| Jetty_http_server | Jetty | 4.2.4 (including) | 4.2.4 (including) |
| Jetty_http_server | Jetty | 4.2.5 (including) | 4.2.5 (including) |
| Jetty_http_server | Jetty | 4.2.6 (including) | 4.2.6 (including) |
| Jetty_http_server | Jetty | 4.2.7 (including) | 4.2.7 (including) |
| Jetty_http_server | Jetty | 4.2.9 (including) | 4.2.9 (including) |
| Jetty_http_server | Jetty | 4.2.11 (including) | 4.2.11 (including) |
| Jetty_http_server | Jetty | 4.2.12 (including) | 4.2.12 (including) |
| Jetty_http_server | Jetty | 4.2.14 (including) | 4.2.14 (including) |
| Jetty_http_server | Jetty | 4.2.15 (including) | 4.2.15 (including) |
| Jetty_http_server | Jetty | 4.2.16 (including) | 4.2.16 (including) |
| Jetty_http_server | Jetty | 4.2.17 (including) | 4.2.17 (including) |
| Jetty_http_server | Jetty | 4.2.18 (including) | 4.2.18 (including) |
| Jetty_http_server | Jetty | 4.2.19 (including) | 4.2.19 (including) |

References