FKIE_CVE-2004-2478

Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
References
cve@mitre.orghttp://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html
cve@mitre.orghttp://secunia.com/advisories/12703Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/22229Vendor Advisory
cve@mitre.orghttp://securitytracker.com/id?1011545
cve@mitre.orghttp://securitytracker.com/id?1016975
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg21178665Vendor Advisory
cve@mitre.orghttp://www.osvdb.org/10490
cve@mitre.orghttp://www.securityfocus.com/archive/1/447648/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/11330
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/3873Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/17600
af854a3a-2127-422b-91ae-364da2661108http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/12703Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22229Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1011545
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1016975
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg21178665Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/10490
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/447648/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/11330
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3873Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/17600
Impacted products
Vendor Product Version
ca unicenter_web_services_distributed_management *
ibm trading_partner_interchange *
ibm trading_partner_interchange 4.2.1
jetty jetty_http_server 3.1.6
jetty jetty_http_server 3.1.7
jetty jetty_http_server 4.1.0
jetty jetty_http_server 4.1.0_rc4
jetty jetty_http_server 4.1.1
jetty jetty_http_server 4.2.4
jetty jetty_http_server 4.2.5
jetty jetty_http_server 4.2.6
jetty jetty_http_server 4.2.7
jetty jetty_http_server 4.2.9
jetty jetty_http_server 4.2.11
jetty jetty_http_server 4.2.12
jetty jetty_http_server 4.2.14
jetty jetty_http_server 4.2.15
jetty jetty_http_server 4.2.16
jetty jetty_http_server 4.2.17
jetty jetty_http_server 4.2.18
jetty jetty_http_server 4.2.19
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ca:unicenter_web_services_distributed_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "78D5271C-F4AD-4D74-9B7B-A1CC7F9DA2CF",
              "versionEndIncluding": "3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:trading_partner_interchange:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "69DF396D-2180-44BD-919E-AC0ADF54DC15",
              "versionEndIncluding": "4.2.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:trading_partner_interchange:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCCD0E32-F57D-4D53-8537-29831AAF505A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:3.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DADF8838-B5E7-4C17-9F76-C38D044A3AD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:3.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "99ECB27E-6852-4EEA-9C1B-0B84FC1202C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85E64C7C-84FA-4AF0-ADA3-3708DADF35C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD27A440-D06A-47D5-97FF-4B56EDD3E8B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "35508567-7C83-4C4B-961B-1BE9B8F3D1D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C276FEC9-68B0-46BC-92A0-65C3B8401FD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "44D01183-FC99-4FD3-965B-38B1FC39048F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3154BBA-DF19-458F-B8D0-CFCAC7DB366A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "512BF3AF-4013-48E7-9546-5052CFBF0B11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "09FD2684-87CF-4B4D-B3D1-7DE43609D2E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "B82462AC-665D-41C0-B198-AA52784DF4C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B21ED45-9C48-4547-BDCE-7EB12B03AAEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA62A170-2544-4D3D-8E22-21F35D2E9944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF5CEA1C-1EC7-49D7-9485-FA8773DA2D8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F68F8E1-BF3C-4C99-BE93-985BB8AD51FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0F5EF68-A6FC-4FD7-8C36-4A8623C60622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "858FCD10-5B40-4EA8-BA16-081EFC734695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A293F8-45D0-46F3-93C3-A09542628FE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL."
    }
  ],
  "id": "CVE-2004-2478",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/12703"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22229"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1011545"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016975"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/10490"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/11330"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3873"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/12703"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22229"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1011545"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016975"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/10490"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/11330"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3873"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.