cvelistv5 - CVE-2004-2478

CVE-2004-2478 (GCVE-0-2004-2478)

Vulnerability from cvelistv5 – Published: 2005-08-21 04:00 – Updated: 2024-08-08 01:29

Summary

Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/12703	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2006/3873	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/11330	vdb-entryx_refsource_BID
	http://www-1.ibm.com/support/docview.wss?uid=swg2…	x_refsource_MISC
	http://secunia.com/advisories/22229	third-party-advisoryx_refsource_SECUNIA
	http://securitytracker.com/id?1016975	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/447648/100…	mailing-listx_refsource_BUGTRAQ
	http://lists.grok.org.uk/pipermail/full-disclosur…	mailing-listx_refsource_FULLDISC
	http://securitytracker.com/id?1011545	vdb-entryx_refsource_SECTRACK
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.osvdb.org/10490	vdb-entryx_refsource_OSVDB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:29:13.893Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "12703",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/12703"
          },
          {
            "name": "ADV-2006-3873",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3873"
          },
          {
            "name": "11330",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11330"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665"
          },
          {
            "name": "22229",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22229"
          },
          {
            "name": "1016975",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016975"
          },
          {
            "name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded"
          },
          {
            "name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html"
          },
          {
            "name": "1011545",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1011545"
          },
          {
            "name": "trading-partner-gain-access(17600)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600"
          },
          {
            "name": "10490",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/10490"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-09-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "12703",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/12703"
        },
        {
          "name": "ADV-2006-3873",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3873"
        },
        {
          "name": "11330",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11330"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665"
        },
        {
          "name": "22229",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22229"
        },
        {
          "name": "1016975",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016975"
        },
        {
          "name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded"
        },
        {
          "name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html"
        },
        {
          "name": "1011545",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1011545"
        },
        {
          "name": "trading-partner-gain-access(17600)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600"
        },
        {
          "name": "10490",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/10490"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2478",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "12703",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/12703"
            },
            {
              "name": "ADV-2006-3873",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3873"
            },
            {
              "name": "11330",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11330"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665",
              "refsource": "MISC",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665"
            },
            {
              "name": "22229",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22229"
            },
            {
              "name": "1016975",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016975"
            },
            {
              "name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded"
            },
            {
              "name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html"
            },
            {
              "name": "1011545",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1011545"
            },
            {
              "name": "trading-partner-gain-access(17600)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600"
            },
            {
              "name": "10490",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/10490"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-2478",
    "datePublished": "2005-08-21T04:00:00",
    "dateReserved": "2005-08-21T00:00:00",
    "dateUpdated": "2024-08-08T01:29:13.893Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ca:unicenter_web_services_distributed_management:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.1\", \"matchCriteriaId\": \"78D5271C-F4AD-4D74-9B7B-A1CC7F9DA2CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:trading_partner_interchange:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.2.2\", \"matchCriteriaId\": \"69DF396D-2180-44BD-919E-AC0ADF54DC15\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:trading_partner_interchange:4.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCCD0E32-F57D-4D53-8537-29831AAF505A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:3.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DADF8838-B5E7-4C17-9F76-C38D044A3AD3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:3.1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99ECB27E-6852-4EEA-9C1B-0B84FC1202C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:4.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85E64C7C-84FA-4AF0-ADA3-3708DADF35C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD27A440-D06A-47D5-97FF-4B56EDD3E8B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:4.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"35508567-7C83-4C4B-961B-1BE9B8F3D1D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:4.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C276FEC9-68B0-46BC-92A0-65C3B8401FD2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:4.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"44D01183-FC99-4FD3-965B-38B1FC39048F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:4.2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3154BBA-DF19-458F-B8D0-CFCAC7DB366A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:4.2.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"512BF3AF-4013-48E7-9546-5052CFBF0B11\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:4.2.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09FD2684-87CF-4B4D-B3D1-7DE43609D2E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:4.2.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B82462AC-665D-41C0-B198-AA52784DF4C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:4.2.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B21ED45-9C48-4547-BDCE-7EB12B03AAEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:4.2.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA62A170-2544-4D3D-8E22-21F35D2E9944\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:4.2.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF5CEA1C-1EC7-49D7-9485-FA8773DA2D8A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:4.2.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F68F8E1-BF3C-4C99-BE93-985BB8AD51FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:4.2.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0F5EF68-A6FC-4FD7-8C36-4A8623C60622\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:4.2.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"858FCD10-5B40-4EA8-BA16-081EFC734695\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:4.2.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"01A293F8-45D0-46F3-93C3-A09542628FE0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.\"}]",
      "id": "CVE-2004-2478",
      "lastModified": "2024-11-20T23:53:27.297",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2004-12-31T05:00:00.000",
      "references": "[{\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/12703\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/22229\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1011545\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1016975\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg21178665\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/10490\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/447648/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/11330\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/3873\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/17600\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/12703\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/22229\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1011545\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1016975\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg21178665\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/10490\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/447648/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/11330\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/3873\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/17600\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2004-2478\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2004-12-31T05:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:unicenter_web_services_distributed_management:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.1\",\"matchCriteriaId\":\"78D5271C-F4AD-4D74-9B7B-A1CC7F9DA2CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:trading_partner_interchange:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.2.2\",\"matchCriteriaId\":\"69DF396D-2180-44BD-919E-AC0ADF54DC15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:trading_partner_interchange:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCCD0E32-F57D-4D53-8537-29831AAF505A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:3.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DADF8838-B5E7-4C17-9F76-C38D044A3AD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:3.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99ECB27E-6852-4EEA-9C1B-0B84FC1202C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:4.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85E64C7C-84FA-4AF0-ADA3-3708DADF35C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD27A440-D06A-47D5-97FF-4B56EDD3E8B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:4.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35508567-7C83-4C4B-961B-1BE9B8F3D1D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:4.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C276FEC9-68B0-46BC-92A0-65C3B8401FD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:4.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44D01183-FC99-4FD3-965B-38B1FC39048F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:4.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3154BBA-DF19-458F-B8D0-CFCAC7DB366A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:4.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"512BF3AF-4013-48E7-9546-5052CFBF0B11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:4.2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09FD2684-87CF-4B4D-B3D1-7DE43609D2E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:4.2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B82462AC-665D-41C0-B198-AA52784DF4C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:4.2.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B21ED45-9C48-4547-BDCE-7EB12B03AAEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:4.2.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA62A170-2544-4D3D-8E22-21F35D2E9944\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:4.2.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF5CEA1C-1EC7-49D7-9485-FA8773DA2D8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:4.2.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F68F8E1-BF3C-4C99-BE93-985BB8AD51FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:4.2.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0F5EF68-A6FC-4FD7-8C36-4A8623C60622\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:4.2.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"858FCD10-5B40-4EA8-BA16-081EFC734695\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:4.2.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01A293F8-45D0-46F3-93C3-A09542628FE0\"}]}]}],\"references\":[{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/12703\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/22229\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1011545\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1016975\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg21178665\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/10490\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/447648/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/11330\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/3873\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/17600\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/12703\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/22229\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1011545\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1016975\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg21178665\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/10490\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/447648/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/11330\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/3873\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/17600\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2006-AVI-428

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans Unicenter WSDM 3.1 permet à un utilisateur distant d'accéder à des informations sensibles.

Description

Unicenter Web Services Distributed Management 3.1 utilise une version vulnérable de Jetty Webserver permettant à une personne distante mal intentionnée de consulter certains fichiers.

Solution

La version 3.11 d'Unicenter WSDM corrige le problème.
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

CA Unicenter Web Services Distributed Management (WSDM) 3.1.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité de Computer Associates du 02 octobre 2006	None	vendor-advisory
Bulletin de sécurité de Computer Associates pour CA Unicenter WSDM du 02 octobre 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cTT\u003eCA Unicenter Web Services  Distributed Management (WSDM) 3.1\u003c/TT\u003e.",
  "content": "## Description\n\nUnicenter Web Services Distributed Management 3.1 utilise une version\nvuln\u00e9rable de Jetty Webserver permettant \u00e0 une personne distante mal\nintentionn\u00e9e de consulter certains fichiers.\n\n## Solution\n\nLa version 3.11 d\u0027Unicenter WSDM corrige le probl\u00e8me.  \nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2004-2478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-2478"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de Computer Associates pour CA    Unicenter WSDM du 02 octobre 2006 :",
      "url": "http://supportconnectw.ca.com/public/ca_common_docs/wsdmvuln_notice.asp"
    }
  ],
  "reference": "CERTA-2006-AVI-428",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-10-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans Unicenter WSDM 3.1 permet \u00e0 un utilisateur\ndistant d\u0027acc\u00e9der \u00e0 des informations sensibles.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans CA Unicenter WSDM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 de Computer Associates du 02 octobre 2006",
      "url": null
    }
  ]
}

CERTA-2006-AVI-428

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans Unicenter WSDM 3.1 permet à un utilisateur distant d'accéder à des informations sensibles.

Description

Unicenter Web Services Distributed Management 3.1 utilise une version vulnérable de Jetty Webserver permettant à une personne distante mal intentionnée de consulter certains fichiers.

Solution

La version 3.11 d'Unicenter WSDM corrige le problème.
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

CA Unicenter Web Services Distributed Management (WSDM) 3.1.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité de Computer Associates du 02 octobre 2006	None	vendor-advisory
Bulletin de sécurité de Computer Associates pour CA Unicenter WSDM du 02 octobre 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cTT\u003eCA Unicenter Web Services  Distributed Management (WSDM) 3.1\u003c/TT\u003e.",
  "content": "## Description\n\nUnicenter Web Services Distributed Management 3.1 utilise une version\nvuln\u00e9rable de Jetty Webserver permettant \u00e0 une personne distante mal\nintentionn\u00e9e de consulter certains fichiers.\n\n## Solution\n\nLa version 3.11 d\u0027Unicenter WSDM corrige le probl\u00e8me.  \nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2004-2478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-2478"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de Computer Associates pour CA    Unicenter WSDM du 02 octobre 2006 :",
      "url": "http://supportconnectw.ca.com/public/ca_common_docs/wsdmvuln_notice.asp"
    }
  ],
  "reference": "CERTA-2006-AVI-428",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-10-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans Unicenter WSDM 3.1 permet \u00e0 un utilisateur\ndistant d\u0027acc\u00e9der \u00e0 des informations sensibles.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans CA Unicenter WSDM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 de Computer Associates du 02 octobre 2006",
      "url": null
    }
  ]
}

FKIE_CVE-2004-2478

Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html
cve@mitre.org	http://secunia.com/advisories/12703	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/22229	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1011545
cve@mitre.org	http://securitytracker.com/id?1016975
cve@mitre.org	http://www-1.ibm.com/support/docview.wss?uid=swg21178665	Vendor Advisory
cve@mitre.org	http://www.osvdb.org/10490
cve@mitre.org	http://www.securityfocus.com/archive/1/447648/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/11330
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3873	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/17600
af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/12703	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22229	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1011545
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016975
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?uid=swg21178665	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/10490
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/447648/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/11330
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3873	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/17600

Impacted products

Vendor	Product	Version
ca	unicenter_web_services_distributed_management	*
ibm	trading_partner_interchange	*
ibm	trading_partner_interchange	4.2.1
jetty	jetty_http_server	3.1.6
jetty	jetty_http_server	3.1.7
jetty	jetty_http_server	4.1.0
jetty	jetty_http_server	4.1.0_rc4
jetty	jetty_http_server	4.1.1
jetty	jetty_http_server	4.2.4
jetty	jetty_http_server	4.2.5
jetty	jetty_http_server	4.2.6
jetty	jetty_http_server	4.2.7
jetty	jetty_http_server	4.2.9
jetty	jetty_http_server	4.2.11
jetty	jetty_http_server	4.2.12
jetty	jetty_http_server	4.2.14
jetty	jetty_http_server	4.2.15
jetty	jetty_http_server	4.2.16
jetty	jetty_http_server	4.2.17
jetty	jetty_http_server	4.2.18
jetty	jetty_http_server	4.2.19

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ca:unicenter_web_services_distributed_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "78D5271C-F4AD-4D74-9B7B-A1CC7F9DA2CF",
              "versionEndIncluding": "3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:trading_partner_interchange:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "69DF396D-2180-44BD-919E-AC0ADF54DC15",
              "versionEndIncluding": "4.2.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:trading_partner_interchange:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCCD0E32-F57D-4D53-8537-29831AAF505A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:3.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DADF8838-B5E7-4C17-9F76-C38D044A3AD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:3.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "99ECB27E-6852-4EEA-9C1B-0B84FC1202C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85E64C7C-84FA-4AF0-ADA3-3708DADF35C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD27A440-D06A-47D5-97FF-4B56EDD3E8B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "35508567-7C83-4C4B-961B-1BE9B8F3D1D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C276FEC9-68B0-46BC-92A0-65C3B8401FD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "44D01183-FC99-4FD3-965B-38B1FC39048F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3154BBA-DF19-458F-B8D0-CFCAC7DB366A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "512BF3AF-4013-48E7-9546-5052CFBF0B11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "09FD2684-87CF-4B4D-B3D1-7DE43609D2E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "B82462AC-665D-41C0-B198-AA52784DF4C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B21ED45-9C48-4547-BDCE-7EB12B03AAEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA62A170-2544-4D3D-8E22-21F35D2E9944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF5CEA1C-1EC7-49D7-9485-FA8773DA2D8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F68F8E1-BF3C-4C99-BE93-985BB8AD51FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0F5EF68-A6FC-4FD7-8C36-4A8623C60622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "858FCD10-5B40-4EA8-BA16-081EFC734695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A293F8-45D0-46F3-93C3-A09542628FE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL."
    }
  ],
  "id": "CVE-2004-2478",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/12703"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22229"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1011545"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016975"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/10490"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/11330"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3873"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/12703"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22229"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1011545"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016975"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/10490"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/11330"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3873"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-MCVW-PW2F-V47R

Vulnerability from github – Published: 2022-04-29 03:01 – Updated: 2022-04-29 03:01

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2004-2478"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2004-12-31T05:00:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.",
  "id": "GHSA-mcvw-pw2f-v47r",
  "modified": "2022-04-29T03:01:31Z",
  "published": "2022-04-29T03:01:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-2478"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600"
    },
    {
      "type": "WEB",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/12703"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22229"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1011545"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016975"
    },
    {
      "type": "WEB",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/10490"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/11330"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3873"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2004-2478

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2004-2478

Aliases

CVE-2004-2478

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2004-2478",
    "description": "Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.",
    "id": "GSD-2004-2478"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2004-2478"
      ],
      "details": "Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.",
      "id": "GSD-2004-2478",
      "modified": "2023-12-13T01:22:55.253794Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2004-2478",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "12703",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/12703"
          },
          {
            "name": "ADV-2006-3873",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/3873"
          },
          {
            "name": "11330",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/11330"
          },
          {
            "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665",
            "refsource": "MISC",
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665"
          },
          {
            "name": "22229",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22229"
          },
          {
            "name": "1016975",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016975"
          },
          {
            "name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded"
          },
          {
            "name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
            "refsource": "FULLDISC",
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html"
          },
          {
            "name": "1011545",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1011545"
          },
          {
            "name": "trading-partner-gain-access(17600)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600"
          },
          {
            "name": "10490",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/10490"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:trading_partner_interchange:4.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.2.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.2.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.2.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.2.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:3.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:3.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.2.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.2.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.2.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:unicenter_web_services_distributed_management:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.2.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jetty:jetty_http_server:4.2.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:trading_partner_interchange:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.2.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2478"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665"
            },
            {
              "name": "11330",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/11330"
            },
            {
              "name": "10490",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/10490"
            },
            {
              "name": "1011545",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1011545"
            },
            {
              "name": "12703",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/12703"
            },
            {
              "name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html"
            },
            {
              "name": "1016975",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016975"
            },
            {
              "name": "22229",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/22229"
            },
            {
              "name": "ADV-2006-3873",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3873"
            },
            {
              "name": "trading-partner-gain-access(17600)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600"
            },
            {
              "name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-19T15:30Z",
      "publishedDate": "2004-12-31T05:00Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2004-2478 (GCVE-0-2004-2478)

CERTA-2006-AVI-428

Description

Solution

CERTA-2006-AVI-428

Description

Solution

FKIE_CVE-2004-2478

GHSA-MCVW-PW2F-V47R

GSD-2004-2478

Tags

Sightings

Nomenclature