CVE-2004-2478

Currently unrated

Key Information:

Vendor: IBM
Status: Trading Partner Interchange; Jetty Http Server; Unicenter Web Services Distributed Management
Vendor: CVE Published:; 31 December 2004

Summary

Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.

References

http://secunia.com/advisories/12703

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2006/3873

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/11330

vdb-entryx_refsource_BID

Timeline

Vulnerability Reserved
Aug 21, 2005
Vulnerability published
Dec 31, 2004