CVE Vulnerabilities

CVE-2002-1042

Published: Oct 04, 2002 | Modified: Sep 05, 2008
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via .. (dot-dot backslash) sequences in the NS-query-pat parameter.

Affected Software

Name Vendor Start Version End Version
Enterprise_server Netscape 3.6 (including) 3.6 (including)
Iplanet_web_server Sun 4.1 (including) 4.1 (including)
Iplanet_web_server Sun 4.1-sp1 (including) 4.1-sp1 (including)
Iplanet_web_server Sun 4.1-sp10 (including) 4.1-sp10 (including)
Iplanet_web_server Sun 4.1-sp2 (including) 4.1-sp2 (including)
Iplanet_web_server Sun 4.1-sp3 (including) 4.1-sp3 (including)
Iplanet_web_server Sun 4.1-sp4 (including) 4.1-sp4 (including)
Iplanet_web_server Sun 4.1-sp5 (including) 4.1-sp5 (including)
Iplanet_web_server Sun 4.1-sp6 (including) 4.1-sp6 (including)
Iplanet_web_server Sun 4.1-sp7 (including) 4.1-sp7 (including)
Iplanet_web_server Sun 4.1-sp8 (including) 4.1-sp8 (including)
Iplanet_web_server Sun 4.1-sp9 (including) 4.1-sp9 (including)
One_application_server Sun 6.0 (including) 6.0 (including)
One_application_server Sun 6.0-sp1 (including) 6.0-sp1 (including)
One_application_server Sun 6.0-sp2 (including) 6.0-sp2 (including)
One_web_server Sun 6.0-sp3 (including) 6.0-sp3 (including)

References