PT-2004-3370 · Ca+2 · Ca Unicenter Web Services Distributed Management+2

Publicado

2004-12-31

Atualizado

2018-10-19

CVE-2004-2478

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Jetty HTTP Server versions prior to 4.2.4 IBM Trading Partner Interchange versions prior to 4.2.4 CA Unicenter Web Services Distributed Management (WSDM) versions prior to 3.11

Description: The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. This could potentially lead to unauthorized access to sensitive information.

Recommendations: For Jetty HTTP Server versions prior to 4.2.4, update to version 4.2.4 or later to resolve the issue. For IBM Trading Partner Interchange versions prior to 4.2.4, update to version 4.2.4 or later to resolve the issue. For CA Unicenter Web Services Distributed Management (WSDM) versions prior to 3.11, update to version 3.11 or later to resolve the issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2004-2478

Produtos afetados

Ca Unicenter Web Services Distributed Management

Ibm Trading Partner Interchange

Jetty Http Server

PT-2004-3370 · Ca+2 · Ca Unicenter Web Services Distributed Management+2

CVE-2004-2478

Identificadores relacionados

Produtos afetados

Referências · 12