CVE-2004-2478

Published: Dec 31, 2004Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.

Affected (21)

Products: Ca: Unicenter Web Services Distributed Management · Ibm: Trading Partner Interchange · Jetty: Jetty Http Server

1 product

Unicenter Web Services Distributed Management

1 product

Trading Partner Interchange

1 product

Jetty Http Server

Configuration A

21 vulnerable

Vulnerable Software	Affected Versions
Ca Unicenter Web Services Distributed Management	Up to 3.1
Ibm Trading Partner Interchange	Up to 4.2.2
Ibm Trading Partner Interchange	Version 4.2.1
Jetty Jetty Http Server	Version 3.1.6
Jetty Jetty Http Server	Version 3.1.7
Jetty Jetty Http Server	Version 4.1.0
Jetty Jetty Http Server	Version 4.1.0_rc4
Jetty Jetty Http Server	Version 4.1.1
Jetty Jetty Http Server	Version 4.2.11
Jetty Jetty Http Server	Version 4.2.12
Jetty Jetty Http Server	Version 4.2.14
Jetty Jetty Http Server	Version 4.2.15
Jetty Jetty Http Server	Version 4.2.16
Jetty Jetty Http Server	Version 4.2.17
Jetty Jetty Http Server	Version 4.2.18
Jetty Jetty Http Server	Version 4.2.19
Jetty Jetty Http Server	Version 4.2.4
Jetty Jetty Http Server	Version 4.2.5
Jetty Jetty Http Server	Version 4.2.6
Jetty Jetty Http Server	Version 4.2.7
Jetty Jetty Http Server	Version 4.2.9

References (22)

http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html

Source: cve@mitre.org

http://secunia.com/advisories/12703

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/22229

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1011545

Source: cve@mitre.org

http://securitytracker.com/id?1016975

Source: cve@mitre.org

http://www-1.ibm.com/support/docview.wss?uid=swg21178665

Source: cve@mitre.org

Vendor Advisory

http://www.osvdb.org/10490

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/447648/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/11330

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/3873

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/17600

Source: cve@mitre.org

http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/12703

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/22229

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1011545

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1016975

Source: af854a3a-2127-422b-91ae-364da2661108

http://www-1.ibm.com/support/docview.wss?uid=swg21178665

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.osvdb.org/10490

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/447648/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/11330

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2006/3873

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/17600

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.