Directory Traversal Vulnerability in iPlanet Web Server and Netscape Enterprise Server
CVE-2002-1042

Currently unrated

Key Information:

Vendor: Oracle
Status: One Web Server; One Application Server; Iplanet Web Server; Enterprise Server
Vendor: CVE Published:; 4 October 2002

Summary

A directory traversal vulnerability exists in the search engine of the iPlanet Web Server versions 6.0 SP2 and 4.1 SP9, as well as Netscape Enterprise Server 3.6 on Windows platforms. This flaw allows attackers to exploit the NS-query-pat parameter, using sequences such as ..\ (dot-dot backslash), to read arbitrary files on the server. The improper validation of user inputs opens a pathway for unauthorized file access, potentially leading to further compromise if sensitive information is exposed.

References

http://archives.neohapsis.com/archives/bugtraq/2002-07/00...

mailing-listx_refsource_BUGTRAQ

http://www.iss.net/security_center/static/9517.php

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/5191

vdb-entryx_refsource_BID

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 4, 2002
Vulnerability Reserved
Aug 27, 2002