Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1042

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-1042
Last Modified 05 Sep 2008 04:29:37
Published 04 Oct 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1042

Summary

Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter.

Vulnerable Systems

Application

  • Netscape Enterprise Server 3.6

  • Sun Iplanet Web Server 4.1

  • Sun One Application Server 6.0

  • Sun One Web Server 6.0


References

BID - 5191

XF - iplanet-search-view-files(9517)

BUGTRAQ - 20020709 iPlanet Remote File Viewing


Last Updated: 27 May 2016 10:37:10