Search criteria
3 vulnerabilities found for trading_partner_interchange by ibm
CVE-2004-2478 (GCVE-0-2004-2478)
Vulnerability from cvelistv5 – Published: 2005-08-21 04:00 – Updated: 2024-08-08 01:29
VLAI?
Summary
Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:13.893Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "12703",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12703"
},
{
"name": "ADV-2006-3873",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3873"
},
{
"name": "11330",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11330"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665"
},
{
"name": "22229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22229"
},
{
"name": "1016975",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016975"
},
{
"name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded"
},
{
"name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html"
},
{
"name": "1011545",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011545"
},
{
"name": "trading-partner-gain-access(17600)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600"
},
{
"name": "10490",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/10490"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "12703",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12703"
},
{
"name": "ADV-2006-3873",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3873"
},
{
"name": "11330",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11330"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665"
},
{
"name": "22229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22229"
},
{
"name": "1016975",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016975"
},
{
"name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded"
},
{
"name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html"
},
{
"name": "1011545",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011545"
},
{
"name": "trading-partner-gain-access(17600)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600"
},
{
"name": "10490",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/10490"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12703",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12703"
},
{
"name": "ADV-2006-3873",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3873"
},
{
"name": "11330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11330"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665",
"refsource": "MISC",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665"
},
{
"name": "22229",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22229"
},
{
"name": "1016975",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016975"
},
{
"name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded"
},
{
"name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html"
},
{
"name": "1011545",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011545"
},
{
"name": "trading-partner-gain-access(17600)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600"
},
{
"name": "10490",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10490"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2478",
"datePublished": "2005-08-21T04:00:00",
"dateReserved": "2005-08-21T00:00:00",
"dateUpdated": "2024-08-08T01:29:13.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2478 (GCVE-0-2004-2478)
Vulnerability from nvd – Published: 2005-08-21 04:00 – Updated: 2024-08-08 01:29
VLAI?
Summary
Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:13.893Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "12703",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12703"
},
{
"name": "ADV-2006-3873",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3873"
},
{
"name": "11330",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11330"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665"
},
{
"name": "22229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22229"
},
{
"name": "1016975",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016975"
},
{
"name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded"
},
{
"name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html"
},
{
"name": "1011545",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011545"
},
{
"name": "trading-partner-gain-access(17600)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600"
},
{
"name": "10490",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/10490"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "12703",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12703"
},
{
"name": "ADV-2006-3873",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3873"
},
{
"name": "11330",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11330"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665"
},
{
"name": "22229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22229"
},
{
"name": "1016975",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016975"
},
{
"name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded"
},
{
"name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html"
},
{
"name": "1011545",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011545"
},
{
"name": "trading-partner-gain-access(17600)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600"
},
{
"name": "10490",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/10490"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12703",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12703"
},
{
"name": "ADV-2006-3873",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3873"
},
{
"name": "11330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11330"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665",
"refsource": "MISC",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665"
},
{
"name": "22229",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22229"
},
{
"name": "1016975",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016975"
},
{
"name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded"
},
{
"name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html"
},
{
"name": "1011545",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011545"
},
{
"name": "trading-partner-gain-access(17600)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600"
},
{
"name": "10490",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10490"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2478",
"datePublished": "2005-08-21T04:00:00",
"dateReserved": "2005-08-21T00:00:00",
"dateUpdated": "2024-08-08T01:29:13.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2004-2478
Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ca | unicenter_web_services_distributed_management | * | |
| ibm | trading_partner_interchange | * | |
| ibm | trading_partner_interchange | 4.2.1 | |
| jetty | jetty_http_server | 3.1.6 | |
| jetty | jetty_http_server | 3.1.7 | |
| jetty | jetty_http_server | 4.1.0 | |
| jetty | jetty_http_server | 4.1.0_rc4 | |
| jetty | jetty_http_server | 4.1.1 | |
| jetty | jetty_http_server | 4.2.4 | |
| jetty | jetty_http_server | 4.2.5 | |
| jetty | jetty_http_server | 4.2.6 | |
| jetty | jetty_http_server | 4.2.7 | |
| jetty | jetty_http_server | 4.2.9 | |
| jetty | jetty_http_server | 4.2.11 | |
| jetty | jetty_http_server | 4.2.12 | |
| jetty | jetty_http_server | 4.2.14 | |
| jetty | jetty_http_server | 4.2.15 | |
| jetty | jetty_http_server | 4.2.16 | |
| jetty | jetty_http_server | 4.2.17 | |
| jetty | jetty_http_server | 4.2.18 | |
| jetty | jetty_http_server | 4.2.19 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ca:unicenter_web_services_distributed_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78D5271C-F4AD-4D74-9B7B-A1CC7F9DA2CF",
"versionEndIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:trading_partner_interchange:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69DF396D-2180-44BD-919E-AC0ADF54DC15",
"versionEndIncluding": "4.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:trading_partner_interchange:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CCCD0E32-F57D-4D53-8537-29831AAF505A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DADF8838-B5E7-4C17-9F76-C38D044A3AD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "99ECB27E-6852-4EEA-9C1B-0B84FC1202C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85E64C7C-84FA-4AF0-ADA3-3708DADF35C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "FD27A440-D06A-47D5-97FF-4B56EDD3E8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "35508567-7C83-4C4B-961B-1BE9B8F3D1D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C276FEC9-68B0-46BC-92A0-65C3B8401FD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "44D01183-FC99-4FD3-965B-38B1FC39048F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A3154BBA-DF19-458F-B8D0-CFCAC7DB366A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "512BF3AF-4013-48E7-9546-5052CFBF0B11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "09FD2684-87CF-4B4D-B3D1-7DE43609D2E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B82462AC-665D-41C0-B198-AA52784DF4C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6B21ED45-9C48-4547-BDCE-7EB12B03AAEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "BA62A170-2544-4D3D-8E22-21F35D2E9944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DF5CEA1C-1EC7-49D7-9485-FA8773DA2D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3F68F8E1-BF3C-4C99-BE93-985BB8AD51FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D0F5EF68-A6FC-4FD7-8C36-4A8623C60622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "858FCD10-5B40-4EA8-BA16-081EFC734695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "01A293F8-45D0-46F3-93C3-A09542628FE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL."
}
],
"id": "CVE-2004-2478",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12703"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22229"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1011545"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016975"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/10490"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/11330"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3873"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1011545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/10490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/11330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}