All the vulnerabilites related to ibm - trading_partner_interchange
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ?
Summary
Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ca | unicenter_web_services_distributed_management | * | |
| ibm | trading_partner_interchange | * | |
| ibm | trading_partner_interchange | 4.2.1 | |
| jetty | jetty_http_server | 3.1.6 | |
| jetty | jetty_http_server | 3.1.7 | |
| jetty | jetty_http_server | 4.1.0 | |
| jetty | jetty_http_server | 4.1.0_rc4 | |
| jetty | jetty_http_server | 4.1.1 | |
| jetty | jetty_http_server | 4.2.4 | |
| jetty | jetty_http_server | 4.2.5 | |
| jetty | jetty_http_server | 4.2.6 | |
| jetty | jetty_http_server | 4.2.7 | |
| jetty | jetty_http_server | 4.2.9 | |
| jetty | jetty_http_server | 4.2.11 | |
| jetty | jetty_http_server | 4.2.12 | |
| jetty | jetty_http_server | 4.2.14 | |
| jetty | jetty_http_server | 4.2.15 | |
| jetty | jetty_http_server | 4.2.16 | |
| jetty | jetty_http_server | 4.2.17 | |
| jetty | jetty_http_server | 4.2.18 | |
| jetty | jetty_http_server | 4.2.19 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ca:unicenter_web_services_distributed_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78D5271C-F4AD-4D74-9B7B-A1CC7F9DA2CF",
"versionEndIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:trading_partner_interchange:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69DF396D-2180-44BD-919E-AC0ADF54DC15",
"versionEndIncluding": "4.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:trading_partner_interchange:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CCCD0E32-F57D-4D53-8537-29831AAF505A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DADF8838-B5E7-4C17-9F76-C38D044A3AD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "99ECB27E-6852-4EEA-9C1B-0B84FC1202C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85E64C7C-84FA-4AF0-ADA3-3708DADF35C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "FD27A440-D06A-47D5-97FF-4B56EDD3E8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "35508567-7C83-4C4B-961B-1BE9B8F3D1D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C276FEC9-68B0-46BC-92A0-65C3B8401FD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "44D01183-FC99-4FD3-965B-38B1FC39048F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A3154BBA-DF19-458F-B8D0-CFCAC7DB366A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "512BF3AF-4013-48E7-9546-5052CFBF0B11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "09FD2684-87CF-4B4D-B3D1-7DE43609D2E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B82462AC-665D-41C0-B198-AA52784DF4C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6B21ED45-9C48-4547-BDCE-7EB12B03AAEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "BA62A170-2544-4D3D-8E22-21F35D2E9944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DF5CEA1C-1EC7-49D7-9485-FA8773DA2D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3F68F8E1-BF3C-4C99-BE93-985BB8AD51FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D0F5EF68-A6FC-4FD7-8C36-4A8623C60622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "858FCD10-5B40-4EA8-BA16-081EFC734695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "01A293F8-45D0-46F3-93C3-A09542628FE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL."
}
],
"id": "CVE-2004-2478",
"lastModified": "2024-11-20T23:53:27.297",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12703"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22229"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1011545"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016975"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/10490"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/11330"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3873"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1011545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/10490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/11330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2004-2478
Vulnerability from cvelistv5
Published
2005-08-21 04:00
Modified
2024-08-08 01:29
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/12703 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2006/3873 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/11330 | vdb-entry, x_refsource_BID | |
| http://www-1.ibm.com/support/docview.wss?uid=swg21178665 | x_refsource_MISC | |
| http://secunia.com/advisories/22229 | third-party-advisory, x_refsource_SECUNIA | |
| http://securitytracker.com/id?1016975 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/447648/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html | mailing-list, x_refsource_FULLDISC | |
| http://securitytracker.com/id?1011545 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17600 | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/10490 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:13.893Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "12703",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12703"
},
{
"name": "ADV-2006-3873",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3873"
},
{
"name": "11330",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11330"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665"
},
{
"name": "22229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22229"
},
{
"name": "1016975",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016975"
},
{
"name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded"
},
{
"name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html"
},
{
"name": "1011545",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011545"
},
{
"name": "trading-partner-gain-access(17600)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600"
},
{
"name": "10490",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/10490"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "12703",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12703"
},
{
"name": "ADV-2006-3873",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3873"
},
{
"name": "11330",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11330"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665"
},
{
"name": "22229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22229"
},
{
"name": "1016975",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016975"
},
{
"name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded"
},
{
"name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html"
},
{
"name": "1011545",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011545"
},
{
"name": "trading-partner-gain-access(17600)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600"
},
{
"name": "10490",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/10490"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12703",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12703"
},
{
"name": "ADV-2006-3873",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3873"
},
{
"name": "11330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11330"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665",
"refsource": "MISC",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665"
},
{
"name": "22229",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22229"
},
{
"name": "1016975",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016975"
},
{
"name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded"
},
{
"name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html"
},
{
"name": "1011545",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011545"
},
{
"name": "trading-partner-gain-access(17600)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600"
},
{
"name": "10490",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10490"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2478",
"datePublished": "2005-08-21T04:00:00",
"dateReserved": "2005-08-21T00:00:00",
"dateUpdated": "2024-08-08T01:29:13.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}