Directory Traversal Vulnerability in iPlanet Web Server and Netscape Enterprise Server
CVE-2002-1042

Currently unrated

Key Information:

Vendor

Oracle
Status
One Web Server
One Application Server
Iplanet Web Server
Enterprise Server
Vendor
CVE Published:
4 October 2002

What is CVE-2002-1042?

A directory traversal vulnerability exists in the search engine of the iPlanet Web Server versions 6.0 SP2 and 4.1 SP9, as well as Netscape Enterprise Server 3.6 on Windows platforms. This flaw allows attackers to exploit the NS-query-pat parameter, using sequences such as ..\ (dot-dot backslash), to read arbitrary files on the server. The improper validation of user inputs opens a pathway for unauthorized file access, potentially leading to further compromise if sensitive information is exposed.

References

http://archives.neohapsis.com/archives/bugtraq/2002-07/00...
mailing-listx_refsource_BUGTRAQ
http://www.iss.net/security_center/static/9517.php
vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/5191
vdb-entryx_refsource_BID

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.