Directory Traversal Vulnerability in iPlanet Web Server and Netscape Enterprise Server
CVE-2002-1042

Currently unrated

Key Information:

Vendor
Oracle
Vendor
CVE Published:
4 October 2002

Summary

A directory traversal vulnerability exists in the search engine of the iPlanet Web Server versions 6.0 SP2 and 4.1 SP9, as well as Netscape Enterprise Server 3.6 on Windows platforms. This flaw allows attackers to exploit the NS-query-pat parameter, using sequences such as ..\ (dot-dot backslash), to read arbitrary files on the server. The improper validation of user inputs opens a pathway for unauthorized file access, potentially leading to further compromise if sensitive information is exposed.

References

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.