Vulnerability CVE-2004-2478


Published: 2004-12-31   Modified: 2012-02-12

Description:
Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.

Type:

CWE-noinfo

Vendor: Jetty
Product: Jetty http server 
Version:
4.2.9
4.2.7
4.2.6
4.2.5
4.2.4
4.2.19
4.2.18
4.2.17
4.2.16
4.2.15
4.2.14
4.2.12
4.2.11
4.1.1
4.1.0_rc4
4.1.0
3.1.7
3.1.6
Vendor: IBM
Product: Trading partner interchange 
Version: 4.2.2; 4.2.1;
Vendor: CA
Product: Unicenter web services distributed management 
Version: 3.1;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html
http://securitytracker.com/id?1011545
http://securitytracker.com/id?1016975
http://www-1.ibm.com/support/docview.wss?uid=swg21178665
http://www.securityfocus.com/archive/1/447648/100/0/threaded
http://www.securityfocus.com/bid/11330
http://www.vupen.com/english/advisories/2006/3873
https://exchange.xforce.ibmcloud.com/vulnerabilities/17600

Related CVE
CVE-2019-13658
CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.
CVE-2019-7394
A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to g...
CVE-2019-7393
A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive i...
CVE-2019-7392
An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration.
CVE-2018-19635
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface.
CVE-2018-19634
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information.
CVE-2018-13826
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks.
CVE-2018-13825
Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks.

Copyright 2019, cxsecurity.com

 

Back to Top