ID CVE-2002-1042
Summary Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:netscape:enterprise_server:3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:iplanet_web_server:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:enterprise:*:*:*:*:*
  • cpe:2.3:a:sun:iplanet_web_server:4.1:sp10:*:*:*:*:*:*
  • cpe:2.3:a:sun:iplanet_web_server:4.1:sp10:enterprise:*:*:*:*:*
  • cpe:2.3:a:sun:iplanet_web_server:4.1:sp2:*:*:*:*:*:*
  • cpe:2.3:a:sun:iplanet_web_server:4.1:sp2:enterprise:*:*:*:*:*
  • cpe:2.3:a:sun:iplanet_web_server:4.1:sp3:*:*:*:*:*:*
  • cpe:2.3:a:sun:iplanet_web_server:4.1:sp3:enterprise:*:*:*:*:*
  • cpe:2.3:a:sun:iplanet_web_server:4.1:sp4:*:*:*:*:*:*
  • cpe:2.3:a:sun:iplanet_web_server:4.1:sp4:enterprise:*:*:*:*:*
  • cpe:2.3:a:sun:iplanet_web_server:4.1:sp5:*:*:*:*:*:*
  • cpe:2.3:a:sun:iplanet_web_server:4.1:sp5:enterprise:*:*:*:*:*
  • cpe:2.3:a:sun:iplanet_web_server:4.1:sp6:*:*:*:*:*:*
  • cpe:2.3:a:sun:iplanet_web_server:4.1:sp6:enterprise:*:*:*:*:*
  • cpe:2.3:a:sun:iplanet_web_server:4.1:sp7:*:*:*:*:*:*
  • cpe:2.3:a:sun:iplanet_web_server:4.1:sp7:enterprise:*:*:*:*:*
  • cpe:2.3:a:sun:iplanet_web_server:4.1:sp8:*:*:*:*:*:*
  • cpe:2.3:a:sun:iplanet_web_server:4.1:sp8:enterprise:*:*:*:*:*
  • cpe:2.3:a:sun:iplanet_web_server:4.1:sp9:*:*:*:*:*:*
  • cpe:2.3:a:sun:iplanet_web_server:4.1:sp9:enterprise:*:*:*:*:*
  • cpe:2.3:a:sun:one_application_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_application_server:6.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_application_server:6.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 05-09-2008 - 20:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: NONE
  Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 5191
bugtraq 20020709 iPlanet Remote File Viewing
xf iplanet-search-view-files(9517)
Last major update 05-09-2008 - 20:29
Published 04-10-2002 - 04:00
Last modified 05-09-2008 - 20:29