CVE-2004-2478 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2004-2478
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2004-2478

Description: Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/17600 ST 1011545 1016975 SAID Secunia Advisory: SA12703 Secunia Advisory: SA22229 OSVDB 10490 MISC http://www-1.ibm.com/support/docview.wss?uid=swg21178665 FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/447648/100/0/threaded BID 11330

Return to the previous page.