File Access Vulnerability in Jetty HTTP Server Affecting IBM and CA Products
CVE-2004-2478

Currently unrated

Key Information:

Vendor: IBM
Status: Trading Partner Interchange; Jetty Http Server; Unicenter Web Services Distributed Management
Vendor: CVE Published:; 31 December 2004

Summary

The Jetty HTTP Server contains a vulnerability that allows remote attackers to read arbitrary files on the server through a manipulation of URL paths using directory traversal techniques. This issue has been observed in products such as IBM Trading Partner Interchange and CA Unicenter WSDM, enabling unauthorized access to sensitive files, which poses significant risks to data integrity and confidentiality. Users of these products are advised to apply patches or updates to mitigate the risk associated with this vulnerability.

References

http://secunia.com/advisories/12703

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2006/3873

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/11330

vdb-entryx_refsource_BID

Timeline

Vulnerability Reserved
Aug 21, 2005
Vulnerability published
Dec 31, 2004