Vulnerability Description
Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ca | Unicenter Web Services Distributed Management | <= 3.1 |
| Ibm | Trading Partner Interchange | <= 4.2.2 |
| Jetty | Jetty Http Server | 3.1.6 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html
- http://secunia.com/advisories/12703Vendor Advisory
- http://secunia.com/advisories/22229Vendor Advisory
- http://securitytracker.com/id?1011545
- http://securitytracker.com/id?1016975
- http://www-1.ibm.com/support/docview.wss?uid=swg21178665Vendor Advisory
- http://www.osvdb.org/10490
- http://www.securityfocus.com/archive/1/447648/100/0/threaded
- http://www.securityfocus.com/bid/11330
- http://www.vupen.com/english/advisories/2006/3873Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17600
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html
- http://secunia.com/advisories/12703Vendor Advisory
- http://secunia.com/advisories/22229Vendor Advisory
- http://securitytracker.com/id?1011545
FAQ
What is CVE-2004-2478?
CVE-2004-2478 is a vulnerability with a CVSS score of 7.5 (HIGH). Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other...
How severe is CVE-2004-2478?
CVE-2004-2478 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2478?
Check the references section above for vendor advisories and patch information. Affected products include: Ca Unicenter Web Services Distributed Management, Ibm Trading Partner Interchange, Jetty Jetty Http Server.