Directory Traversal Vulnerability in iPlanet Web Server and Netscape Enterprise Server
CVE-2002-1042
Currently unrated
Summary
A directory traversal vulnerability exists in the search engine of the iPlanet Web Server versions 6.0 SP2 and 4.1 SP9, as well as Netscape Enterprise Server 3.6 on Windows platforms. This flaw allows attackers to exploit the NS-query-pat parameter, using sequences such as ..\ (dot-dot backslash), to read arbitrary files on the server. The improper validation of user inputs opens a pathway for unauthorized file access, potentially leading to further compromise if sensitive information is exposed.
References
EPSS Score
7% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved