Vulnerability Description
Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netscape | Enterprise Server | 3.6 |
| Sun | Iplanet Web Server | 4.1 |
| Sun | One Application Server | 6.0 |
| Sun | One Web Server | 6.0 |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-07/0085.html
- http://www.iss.net/security_center/static/9517.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/5191ExploitPatchVendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2002-07/0085.html
- http://www.iss.net/security_center/static/9517.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/5191ExploitPatchVendor Advisory
FAQ
What is CVE-2002-1042?
CVE-2002-1042 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read ar...
How severe is CVE-2002-1042?
CVE-2002-1042 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1042?
Check the references section above for vendor advisories and patch information. Affected products include: Netscape Enterprise Server, Sun Iplanet Web Server, Sun One Application Server, Sun One Web Server.