7.5

CVE-2004-2478

Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmTrading Partner Interchange Version <= 4.2.2
IbmTrading Partner Interchange Version4.2.1
JettyJetty Http Server Version3.1.6
JettyJetty Http Server Version3.1.7
JettyJetty Http Server Version4.1.0
JettyJetty Http Server Version4.1.0_rc4
JettyJetty Http Server Version4.1.1
JettyJetty Http Server Version4.2.4
JettyJetty Http Server Version4.2.5
JettyJetty Http Server Version4.2.6
JettyJetty Http Server Version4.2.7
JettyJetty Http Server Version4.2.9
JettyJetty Http Server Version4.2.11
JettyJetty Http Server Version4.2.12
JettyJetty Http Server Version4.2.14
JettyJetty Http Server Version4.2.15
JettyJetty Http Server Version4.2.16
JettyJetty Http Server Version4.2.17
JettyJetty Http Server Version4.2.18
JettyJetty Http Server Version4.2.19
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.42% 0.82
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html
http://secunia.com/advisories/12703
Vendor Advisory
http://secunia.com/advisories/22229
Vendor Advisory
http://securitytracker.com/id?1011545
http://securitytracker.com/id?1016975
http://www-1.ibm.com/support/docview.wss?uid=swg21178665
Vendor Advisory
http://www.osvdb.org/10490
http://www.securityfocus.com/archive/1/447648/100/0/threaded
http://www.securityfocus.com/bid/11330
http://www.vupen.com/english/advisories/2006/3873
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17600