CVE-2002-1042

Currently unrated

Key Information:

Vendor: Oracle
Status: One Web Server; One Application Server; Iplanet Web Server; Enterprise Server
Vendor: CVE Published:; 4 October 2002

Summary

Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter.

References

http://archives.neohapsis.com/archives/bugtraq/2002-07/00...

mailing-listx_refsource_BUGTRAQ

http://www.iss.net/security_center/static/9517.php

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/5191

vdb-entryx_refsource_BID

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 4, 2002
Vulnerability Reserved
Aug 27, 2002