CVE-2004-2478
Summary
| CVE | CVE-2004-2478 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2004-12-31 05:00:00 UTC |
| Updated | 2018-10-19 15:30:00 UTC |
| Description | Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ca | Unicenter Web Services Distributed Management | All | All | All | All |
| Application | Ibm | Trading Partner Interchange | 4.2.1 | All | All | All |
| Application | Ibm | Trading Partner Interchange | All | All | All | All |
| Application | Jetty | Jetty Http Server | 3.1.6 | All | All | All |
| Application | Jetty | Jetty Http Server | 3.1.7 | All | All | All |
| Application | Jetty | Jetty Http Server | 4.1.0 | All | All | All |
| Application | Jetty | Jetty Http Server | 4.1.0_rc4 | All | All | All |
| Application | Jetty | Jetty Http Server | 4.1.1 | All | All | All |
| Application | Jetty | Jetty Http Server | 4.2.11 | All | All | All |
| Application | Jetty | Jetty Http Server | 4.2.12 | All | All | All |
| Application | Jetty | Jetty Http Server | 4.2.14 | All | All | All |
| Application | Jetty | Jetty Http Server | 4.2.15 | All | All | All |
| Application | Jetty | Jetty Http Server | 4.2.16 | All | All | All |
| Application | Jetty | Jetty Http Server | 4.2.17 | All | All | All |
| Application | Jetty | Jetty Http Server | 4.2.18 | All | All | All |
| Application | Jetty | Jetty Http Server | 4.2.19 | All | All | All |
| Application | Jetty | Jetty Http Server | 4.2.4 | All | All | All |
| Application | Jetty | Jetty Http Server | 4.2.5 | All | All | All |
| Application | Jetty | Jetty Http Server | 4.2.6 | All | All | All |
| Application | Jetty | Jetty Http Server | 4.2.7 | All | All | All |
| Application | Jetty | Jetty Http Server | 4.2.9 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| [Full-disclosure] [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability | FULLDISC | lists.grok.org.uk | |
| Secunia - Advisories - IBM Trading Partner Interchange Arbitrary File Access Vulnerability | SECUNIA | secunia.com | Vendor Advisory |
| SecurityTracker.com Archives - IBM Trading Partner Interchange May Disclose Files to Remote Users | SECTRACK | securitytracker.com | |
| Unicenter Web Services Distributed Management Discloses Files to Remote Users - SecurityTracker | SECTRACK | securitytracker.com | |
| Webmail: Professional email solution - OVHcloud - OVH | VUPEN | www.vupen.com | Vendor Advisory |
| 10490 | OSVDB | www.osvdb.org | |
| Jetty Directory Traversal Vulnerability | BID | www.securityfocus.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| CA Unicenter Web Service Distributed Management Directory Traversal - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| IBM notice: The page you requested cannot be displayed | MISC | www-1.ibm.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.