CVE-2004-2478

high

Description

Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/17600

http://www.vupen.com/english/advisories/2006/3873

http://www.securityfocus.com/bid/11330

http://www.securityfocus.com/archive/1/447648/100/0/threaded

http://www.osvdb.org/10490

http://www-1.ibm.com/support/docview.wss?uid=swg21178665

http://securitytracker.com/id?1016975

http://securitytracker.com/id?1011545

http://secunia.com/advisories/22229

http://secunia.com/advisories/12703

http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html

Details

Source: Mitre, NVD

Published: 2004-12-31

Updated: 2024-11-20

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High