All the vulnerabilities related to jetty - jetty_http_server
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ?
Summary
Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ca | unicenter_web_services_distributed_management | * | |
ibm | trading_partner_interchange | * | |
ibm | trading_partner_interchange | 4.2.1 | |
jetty | jetty_http_server | 3.1.6 | |
jetty | jetty_http_server | 3.1.7 | |
jetty | jetty_http_server | 4.1.0 | |
jetty | jetty_http_server | 4.1.0_rc4 | |
jetty | jetty_http_server | 4.1.1 | |
jetty | jetty_http_server | 4.2.4 | |
jetty | jetty_http_server | 4.2.5 | |
jetty | jetty_http_server | 4.2.6 | |
jetty | jetty_http_server | 4.2.7 | |
jetty | jetty_http_server | 4.2.9 | |
jetty | jetty_http_server | 4.2.11 | |
jetty | jetty_http_server | 4.2.12 | |
jetty | jetty_http_server | 4.2.14 | |
jetty | jetty_http_server | 4.2.15 | |
jetty | jetty_http_server | 4.2.16 | |
jetty | jetty_http_server | 4.2.17 | |
jetty | jetty_http_server | 4.2.18 | |
jetty | jetty_http_server | 4.2.19 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ca:unicenter_web_services_distributed_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "78D5271C-F4AD-4D74-9B7B-A1CC7F9DA2CF", "versionEndIncluding": "3.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:trading_partner_interchange:*:*:*:*:*:*:*:*", "matchCriteriaId": "69DF396D-2180-44BD-919E-AC0ADF54DC15", "versionEndIncluding": "4.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:trading_partner_interchange:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CCCD0E32-F57D-4D53-8537-29831AAF505A", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "DADF8838-B5E7-4C17-9F76-C38D044A3AD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "99ECB27E-6852-4EEA-9C1B-0B84FC1202C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "85E64C7C-84FA-4AF0-ADA3-3708DADF35C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "FD27A440-D06A-47D5-97FF-4B56EDD3E8B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "35508567-7C83-4C4B-961B-1BE9B8F3D1D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "C276FEC9-68B0-46BC-92A0-65C3B8401FD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "44D01183-FC99-4FD3-965B-38B1FC39048F", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "A3154BBA-DF19-458F-B8D0-CFCAC7DB366A", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "512BF3AF-4013-48E7-9546-5052CFBF0B11", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:jetty:jetty_http_server:4.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "09FD2684-87CF-4B4D-B3D1-7DE43609D2E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "B82462AC-665D-41C0-B198-AA52784DF4C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "6B21ED45-9C48-4547-BDCE-7EB12B03AAEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "BA62A170-2544-4D3D-8E22-21F35D2E9944", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "DF5CEA1C-1EC7-49D7-9485-FA8773DA2D8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "3F68F8E1-BF3C-4C99-BE93-985BB8AD51FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "D0F5EF68-A6FC-4FD7-8C36-4A8623C60622", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "858FCD10-5B40-4EA8-BA16-081EFC734695", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.19:*:*:*:*:*:*:*", "matchCriteriaId": "01A293F8-45D0-46F3-93C3-A09542628FE0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL." 
} ], "id": "CVE-2004-2478", "lastModified": "2024-11-20T23:53:27.297", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/12703" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22229" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1011545" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016975" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/10490" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/11330" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/3873" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Vendor Advisory" ], "url": "http://secunia.com/advisories/12703" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22229" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1011545" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016975" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/10490" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/11330" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/3873" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-02-07 11:28
Modified
2024-11-21 00:24
Severity ?
Summary
Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.Random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
jetty | jetty_http_server | 4.2.9 | |
jetty | jetty_http_server | 4.2.11 | |
jetty | jetty_http_server | 4.2.12 | |
jetty | jetty_http_server | 4.2.14 | |
jetty | jetty_http_server | 4.2.15 | |
jetty | jetty_http_server | 4.2.16 | |
jetty | jetty_http_server | 4.2.17 | |
jetty | jetty_http_server | 4.2.18 | |
jetty | jetty_http_server | 4.2.19 | |
jetty | jetty_http_server | 4.2.24 | |
jetty | jetty_http_server | 5.1.11 | |
jetty | jetty_http_server | 6.0.1 | |
jetty | jetty_http_server | 6.1.0_pre2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "09FD2684-87CF-4B4D-B3D1-7DE43609D2E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "B82462AC-665D-41C0-B198-AA52784DF4C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "6B21ED45-9C48-4547-BDCE-7EB12B03AAEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "BA62A170-2544-4D3D-8E22-21F35D2E9944", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "DF5CEA1C-1EC7-49D7-9485-FA8773DA2D8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "3F68F8E1-BF3C-4C99-BE93-985BB8AD51FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "D0F5EF68-A6FC-4FD7-8C36-4A8623C60622", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "858FCD10-5B40-4EA8-BA16-081EFC734695", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.19:*:*:*:*:*:*:*", "matchCriteriaId": "01A293F8-45D0-46F3-93C3-A09542628FE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.24:*:*:*:*:*:*:*", "matchCriteriaId": "238E835C-8C44-4514-A320-E7294683C5A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:5.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "DBDF1C6A-C804-4F51-BFF6-ECB4584E4DDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0ED02F5B-3F98-4603-B51B-DC5F7C81291C", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:6.1.0_pre2:*:*:*:*:*:*:*", "matchCriteriaId": 
"F734C638-26EB-426E-8505-798F2DC526AF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks." }, { "lang": "es", "value": "Jetty anterior al 4.2.27, 5.1 anterior al 5.1.12, 6.0 anterior al 6.0.2 y 6.1 anterior al 6.1.0pre3 genera identificadores de sesi\u00f3n predecibles utilizando java.util.random, lo que hace m\u00e1s f\u00e1cil para atacantes remotos el adivinar los identificadores de sesiones utilizando ataques de fuerza bruta y, posiblemente, llevar a cabo ataques de falsificaci\u00f3n de petici\u00f3n en sitios cruzados." } ], "id": "CVE-2006-6969", "lastModified": "2024-11-21T00:24:04.550", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-02-07T11:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0070.html" }, { "source": "cve@mitre.org", "url": "http://fisheye.codehaus.org/changelog/jetty/?cs=1274" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/33108" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/24070" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/459164/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/22405" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0497" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32240" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0070.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://fisheye.codehaus.org/changelog/jetty/?cs=1274" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/33108" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/459164/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/22405" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0497" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32240" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-10-11 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
jetty | jetty_http_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jetty:jetty_http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "233B87E3-D87D-4473-8D3B-151146F462EE", "versionEndIncluding": "4.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory." }, { "lang": "es", "value": "Vulnerabilidad de atravesamiento de directorios en el CGIServlet en Jetty HHTP server anteriores a 4.1.0 permite a atacantes remotos leer ficheros arbitrarios mediante secuencias .. (punto punto barra invertida) en peticiones HTTP al directorio cgi-bin." } ], "id": "CVE-2002-1178", "lastModified": "2024-11-20T23:40:45.487", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-10-11T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://groups.yahoo.com/group/jetty-announce/message/45" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=103358725813039\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/10246.php" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": 
"http://www.securityfocus.com/bid/5852" }, { "source": "cve@mitre.org", "url": "http://www.westpoint.ltd.uk/advisories/wp-02-0011.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://groups.yahoo.com/group/jetty-announce/message/45" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=103358725813039\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/10246.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/5852" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.westpoint.ltd.uk/advisories/wp-02-0011.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ?
Summary
HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of service (memory usage and application crash) via HTTP requests with a large Content-Length.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D9B24CDC-1E5B-47C9-8192-F0D1116D90A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F45803E0-D1A7-400D-9CA5-50253AC32401", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.0.1_rc0:*:*:*:*:*:*:*", "matchCriteriaId": "EA393091-0662-48B2-8907-99F26477244C", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.0.1_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "22D6CFD2-DBAF-4B4A-B235-98BB4826DBF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.0.1_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "E0CB88D1-A7C1-47A4-9478-B47D945B3905", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7F059700-FAAF-4F9B-9973-C79A0F6D8299", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3446B000-66B2-42F7-B16D-1D0F06B5A874", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "C0E83837-A974-42B8-8E0B-2DCFE55F6B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "38AD7BA2-57EA-42DA-9CFE-FED77A912FFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "71842778-8CE8-4545-B527-994D4BEB92AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.0.b0:*:*:*:*:*:*:*", "matchCriteriaId": "464C37F4-F1EC-4827-8C02-0F7253A29FCB", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.0.b1:*:*:*:*:*:*:*", "matchCriteriaId": "81965444-CC2B-4002-A7FB-D3EE91AC4AB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.0.b2:*:*:*:*:*:*:*", "matchCriteriaId": 
"CB7A0330-CDC2-4D95-BF70-E846C480C025", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.0.d0:*:*:*:*:*:*:*", "matchCriteriaId": "5E4A7F11-5826-45BE-9E69-717BCE5DAF45", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.0.d1:*:*:*:*:*:*:*", "matchCriteriaId": "E4528F32-6D57-46CF-B9CF-EB6097033477", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.0.d2:*:*:*:*:*:*:*", "matchCriteriaId": "5DE9B195-5072-4CA6-984B-A97398789131", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.0.d3:*:*:*:*:*:*:*", "matchCriteriaId": "B156DC85-BD41-49CD-995E-5F144934BE74", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.0.d4:*:*:*:*:*:*:*", "matchCriteriaId": "F6C484A2-DDBF-4BEC-89D1-EED071680AE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "A338593D-C6A7-429C-B440-26F3CCC54C68", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "94FADCB4-DE60-463D-8B59-7392CD734603", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "65CD5D1D-259D-4CA5-A07C-ECEBE8540265", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "85E64C7C-84FA-4AF0-ADA3-3708DADF35C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc0:*:*:*:*:*:*:*", "matchCriteriaId": "641E07B7-6433-41D5-B420-29FA254F2D27", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "268613F8-F1D5-4691-A8B9-6AD7B639D4E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "CC344802-D51B-4256-B52A-29789ACCF4EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc3:*:*:*:*:*:*:*", 
"matchCriteriaId": "79B4593B-8780-4774-BC1B-923824AB7B7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "FD27A440-D06A-47D5-97FF-4B56EDD3E8B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc5:*:*:*:*:*:*:*", "matchCriteriaId": "1651BA40-57D1-40BC-AAFE-4ECE34FF1254", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc6:*:*:*:*:*:*:*", "matchCriteriaId": "C62CDC27-A264-4E8E-894D-92AD10DC8C01", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "35508567-7C83-4C4B-961B-1BE9B8F3D1D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "16AF5579-7763-4851-B7A2-B50A4D589AD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "44BED546-DD64-457E-B93A-CD2069C2068B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "83D7E37B-448A-4B49-ABC7-57253B43126C", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.b0:*:*:*:*:*:*:*", "matchCriteriaId": "07346177-D7DE-4545-8BB1-D64D1BDBAAAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.b1:*:*:*:*:*:*:*", "matchCriteriaId": "65225643-46E4-4B93-BF3A-29DC98BBA92C", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.d0:*:*:*:*:*:*:*", "matchCriteriaId": "DF6E1FE3-A09D-4593-A3DA-7700D5021EB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.d1:*:*:*:*:*:*:*", "matchCriteriaId": "50D5991E-8CAE-4FDC-A4D7-79D14BB2A4D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.d2:*:*:*:*:*:*:*", "matchCriteriaId": "0D93288E-4ED1-4F4D-875A-AA85F6B853C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "33B61642-A3F1-4F13-8A3F-A369E1D47F1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.0_beta0:*:*:*:*:*:*:*", "matchCriteriaId": "8575A31A-DD09-494F-895E-1740ABF4F671", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.0_rc0:*:*:*:*:*:*:*", "matchCriteriaId": "9622FA39-20BD-4F92-A10A-56B1273A8FAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "74666A8D-0B36-47BF-8873-267C8FD228E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B612838A-DD83-4E67-890E-165692DA4532", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "247F0030-0598-4ADF-8B5D-91BD7CFF7E44", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "61AD076A-D4C5-4149-94DE-E43BE78DE83B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "C276FEC9-68B0-46BC-92A0-65C3B8401FD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.4_rc0:*:*:*:*:*:*:*", "matchCriteriaId": "937F124D-1CE3-405D-A981-760199DA9ED1", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "44D01183-FC99-4FD3-965B-38B1FC39048F", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "A3154BBA-DF19-458F-B8D0-CFCAC7DB366A", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "512BF3AF-4013-48E7-9546-5052CFBF0B11", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.8_01:*:*:*:*:*:*:*", "matchCriteriaId": "9965B682-2CFE-4881-8C0A-26B161731904", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.9:*:*:*:*:*:*:*", 
"matchCriteriaId": "09FD2684-87CF-4B4D-B3D1-7DE43609D2E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.9_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "96E75206-5C22-47CE-ABC4-960C7D80407B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.9_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "EA45888D-E2C9-4A17-B699-0C775EFC5FDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "B0DD62AB-DA57-48B6-9D00-1DBCD4AF111E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.10_pre0:*:*:*:*:*:*:*", "matchCriteriaId": "3D10D8BC-8C63-45CD-836E-08CC5E6C1676", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.10_pre1:*:*:*:*:*:*:*", "matchCriteriaId": "C3E86801-E8C2-4DA3-92FD-F89FBB7B53D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "B82462AC-665D-41C0-B198-AA52784DF4C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "6B21ED45-9C48-4547-BDCE-7EB12B03AAEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "BA62A170-2544-4D3D-8E22-21F35D2E9944", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.14_rc0:*:*:*:*:*:*:*", "matchCriteriaId": "A8750DB2-F9CE-4CD6-9C11-733546D56EB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.14_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "1B72963C-FF0B-4F3F-8D93-8C99C1F43460", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "DF5CEA1C-1EC7-49D7-9485-FA8773DA2D8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.15_rc0:*:*:*:*:*:*:*", "matchCriteriaId": "991A0243-5F9E-4E2B-8780-F58B17F9F73C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:jetty:jetty_http_server:4.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "3F68F8E1-BF3C-4C99-BE93-985BB8AD51FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "D0F5EF68-A6FC-4FD7-8C36-4A8623C60622", "vulnerable": true }, { "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "858FCD10-5B40-4EA8-BA16-081EFC734695", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of service (memory usage and application crash) via HTTP requests with a large Content-Length." } ], "id": "CVE-2004-2381", "lastModified": "2024-11-20T23:53:12.887", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://cvs.sourceforge.net/viewcvs.py/jetty/Jetty/src/org/mortbay/http/HttpRequest.java?r1=1.75\u0026r2=1.76" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11166/" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=224743" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/4387" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/9917" }, { "source": 
"cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15537" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cvs.sourceforge.net/viewcvs.py/jetty/Jetty/src/org/mortbay/http/HttpRequest.java?r1=1.75\u0026r2=1.76" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11166/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=224743" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/4387" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/9917" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15537" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2002-1178
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:19
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory.
References
▼ | URL | Tags |
---|---|---|
http://www.iss.net/security_center/static/10246.php | vdb-entry, x_refsource_XF | |
http://www.westpoint.ltd.uk/advisories/wp-02-0011.txt | x_refsource_MISC | |
http://groups.yahoo.com/group/jetty-announce/message/45 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/5852 | vdb-entry, x_refsource_BID | |
http://marc.info/?l=bugtraq&m=103358725813039&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:19:27.872Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "jetty-cgiservlet-directory-traversal(10246)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/10246.php" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.westpoint.ltd.uk/advisories/wp-02-0011.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://groups.yahoo.com/group/jetty-announce/message/45" }, { "name": "5852", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5852" }, { "name": "20021002 wp-02-0011: Jetty CGIServlet Arbitrary Command Execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=103358725813039\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2003-02-26T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "jetty-cgiservlet-directory-traversal(10246)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/10246.php" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.westpoint.ltd.uk/advisories/wp-02-0011.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://groups.yahoo.com/group/jetty-announce/message/45" }, { "name": "5852", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5852" }, { "name": "20021002 wp-02-0011: Jetty CGIServlet Arbitrary Command Execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=103358725813039\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1178", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "jetty-cgiservlet-directory-traversal(10246)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10246.php" }, { "name": "http://www.westpoint.ltd.uk/advisories/wp-02-0011.txt", "refsource": "MISC", "url": "http://www.westpoint.ltd.uk/advisories/wp-02-0011.txt" }, { "name": "http://groups.yahoo.com/group/jetty-announce/message/45", "refsource": "CONFIRM", "url": "http://groups.yahoo.com/group/jetty-announce/message/45" }, { "name": "5852", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5852" }, { "name": "20021002 wp-02-0011: Jetty CGIServlet Arbitrary Command Execution", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=103358725813039\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1178", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2002-10-03T00:00:00", "dateUpdated": "2024-08-08T03:19:27.872Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-6969
Vulnerability from cvelistv5
Published
2007-02-07 11:00
Modified
2024-08-07 20:50
Summary
Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.Random (a non-cryptographic pseudo-random number generator), which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/24070 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2007/0497 | vdb-entry, x_refsource_VUPEN | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/32240 | vdb-entry, x_refsource_XF | |
http://osvdb.org/33108 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/bid/22405 | vdb-entry, x_refsource_BID | |
http://fisheye.codehaus.org/changelog/jetty/?cs=1274 | x_refsource_CONFIRM | |
http://archives.neohapsis.com/archives/bugtraq/2007-02/0070.html | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/archive/1/459164/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:50:04.543Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "24070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24070" }, { "name": "ADV-2007-0497", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0497" }, { "name": "jetty-sessionid-session-hijacking(32240)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32240" }, { "name": "33108", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/33108" }, { "name": "22405", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22405" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://fisheye.codehaus.org/changelog/jetty/?cs=1274" }, { "name": "20070206 Re: Jetty Session ID Prediction", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0070.html" }, { "name": "20070205 Jetty Session ID Prediction", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/459164/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery 
attacks." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "24070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24070" }, { "name": "ADV-2007-0497", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0497" }, { "name": "jetty-sessionid-session-hijacking(32240)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32240" }, { "name": "33108", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/33108" }, { "name": "22405", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22405" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://fisheye.codehaus.org/changelog/jetty/?cs=1274" }, { "name": "20070206 Re: Jetty Session ID Prediction", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0070.html" }, { "name": "20070205 Jetty Session ID Prediction", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/459164/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6969", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote 
attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "24070", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24070" }, { "name": "ADV-2007-0497", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0497" }, { "name": "jetty-sessionid-session-hijacking(32240)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32240" }, { "name": "33108", "refsource": "OSVDB", "url": "http://osvdb.org/33108" }, { "name": "22405", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22405" }, { "name": "http://fisheye.codehaus.org/changelog/jetty/?cs=1274", "refsource": "CONFIRM", "url": "http://fisheye.codehaus.org/changelog/jetty/?cs=1274" }, { "name": "20070206 Re: Jetty Session ID Prediction", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0070.html" }, { "name": "20070205 Jetty Session ID Prediction", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/459164/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6969", "datePublished": "2007-02-07T11:00:00", "dateReserved": "2007-02-07T00:00:00", "dateUpdated": "2024-08-07T20:50:04.543Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-2381
Vulnerability from cvelistv5
Published
2005-08-16 04:00
Modified
2024-08-08 01:22
Summary
HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of service (memory usage and application crash) via HTTP requests with a large Content-Length.
References
▼ | URL | Tags |
---|---|---|
http://www.osvdb.org/4387 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/11166/ | third-party-advisory, x_refsource_SECUNIA | |
http://sourceforge.net/project/shownotes.php?release_id=224743 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/15537 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/9917 | vdb-entry, x_refsource_BID | |
http://cvs.sourceforge.net/viewcvs.py/jetty/Jetty/src/org/mortbay/http/HttpRequest.java?r1=1.75&r2=1.76 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:22:13.739Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "4387", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/4387" }, { "name": "11166", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11166/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=224743" }, { "name": "jetty-dos(15537)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15537" }, { "name": "9917", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9917" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.sourceforge.net/viewcvs.py/jetty/Jetty/src/org/mortbay/http/HttpRequest.java?r1=1.75\u0026r2=1.76" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-03-18T00:00:00", "descriptions": [ { "lang": "en", "value": "HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of service (memory usage and application crash) via HTTP requests with a large Content-Length." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "4387", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/4387" }, { "name": "11166", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11166/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=224743" }, { "name": "jetty-dos(15537)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15537" }, { "name": "9917", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9917" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.sourceforge.net/viewcvs.py/jetty/Jetty/src/org/mortbay/http/HttpRequest.java?r1=1.75\u0026r2=1.76" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2381", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of service (memory usage and application crash) via HTTP requests with a large Content-Length." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "4387", "refsource": "OSVDB", "url": "http://www.osvdb.org/4387" }, { "name": "11166", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11166/" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=224743", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=224743" }, { "name": "jetty-dos(15537)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15537" }, { "name": "9917", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9917" }, { "name": "http://cvs.sourceforge.net/viewcvs.py/jetty/Jetty/src/org/mortbay/http/HttpRequest.java?r1=1.75\u0026r2=1.76", "refsource": "CONFIRM", "url": "http://cvs.sourceforge.net/viewcvs.py/jetty/Jetty/src/org/mortbay/http/HttpRequest.java?r1=1.75\u0026r2=1.76" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2381", "datePublished": "2005-08-16T04:00:00", "dateReserved": "2005-08-16T00:00:00", "dateUpdated": "2024-08-08T01:22:13.739Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-2478
Vulnerability from cvelistv5
Published
2005-08-21 04:00
Modified
2024-08-08 01:29
Summary
Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/12703 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2006/3873 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/bid/11330 | vdb-entry, x_refsource_BID | |
http://www-1.ibm.com/support/docview.wss?uid=swg21178665 | x_refsource_MISC | |
http://secunia.com/advisories/22229 | third-party-advisory, x_refsource_SECUNIA | |
http://securitytracker.com/id?1016975 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/archive/1/447648/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html | mailing-list, x_refsource_FULLDISC | |
http://securitytracker.com/id?1011545 | vdb-entry, x_refsource_SECTRACK | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17600 | vdb-entry, x_refsource_XF | |
http://www.osvdb.org/10490 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:29:13.893Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "12703", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12703" }, { "name": "ADV-2006-3873", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3873" }, { "name": "11330", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11330" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665" }, { "name": "22229", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22229" }, { "name": "1016975", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016975" }, { "name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded" }, { "name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html" }, { "name": "1011545", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1011545" }, { "name": "trading-partner-gain-access(17600)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600" }, { "name": "10490", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/10490" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { 
"product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-09-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "12703", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12703" }, { "name": "ADV-2006-3873", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3873" }, { "name": "11330", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11330" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665" }, { "name": "22229", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22229" }, { "name": "1016975", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016975" }, { "name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded" }, { "name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html" }, { "name": "1011545", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": 
"http://securitytracker.com/id?1011545" }, { "name": "trading-partner-gain-access(17600)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600" }, { "name": "10490", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/10490" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2478", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "12703", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12703" }, { "name": "ADV-2006-3873", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3873" }, { "name": "11330", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11330" }, { "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665", "refsource": "MISC", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665" }, { "name": "22229", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22229" }, { "name": "1016975", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016975" }, { "name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded" }, { "name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html" }, { "name": "1011545", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1011545" }, { "name": "trading-partner-gain-access(17600)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600" }, { "name": "10490", "refsource": "OSVDB", "url": "http://www.osvdb.org/10490" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2478", "datePublished": "2005-08-21T04:00:00", "dateReserved": "2005-08-21T00:00:00", "dateUpdated": "2024-08-08T01:29:13.893Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }