Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Jun 16, 2026
CVE-2004-2478
CVE-2004-2478
Description
Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
22- cpe:2.3:a:ca:unicenter_web_services_distributed_management:*:*:*:*:*:*:*:*Range: <=3.1
cpe:2.3:a:ibm:trading_partner_interchange:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ibm:trading_partner_interchange:*:*:*:*:*:*:*:*range: <=4.2.2
- cpe:2.3:a:ibm:trading_partner_interchange:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:3.1.6:*:*:*:*:*:*:*+ 18 more
- cpe:2.3:a:jetty:jetty_http_server:3.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:3.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc4:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.16:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.17:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.18:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.19:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.9:*:*:*:*:*:*:*
- (no CPE)
Patches
Vulnerability mechanics
References
11- secunia.com/advisories/12703nvdVendor Advisory
- secunia.com/advisories/22229nvdVendor Advisory
- www-1.ibm.com/support/docview.wssnvdVendor Advisory
- www.vupen.com/english/advisories/2006/3873nvdVendor Advisory
- lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.htmlnvd
- securitytracker.com/idnvd
- securitytracker.com/idnvd
- www.osvdb.org/10490nvd
- www.securityfocus.com/archive/1/447648/100/0/threadednvd
- www.securityfocus.com/bid/11330nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/17600nvd
News mentions
0No linked articles in our index yet.