Vulnerabilities > CVE-2002-1042
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 25 | |
| Application | 1 |
Exploit-Db
| description | iPlanet Web Server 4.1 Search Component File Disclosure Vulnerability. CVE-2002-1042. Remote exploits for multiple platform |
| id | EDB-ID:21603 |
| last seen | 2016-02-02 |
| modified | 2002-07-09 |
| published | 2002-07-09 |
| reporter | Qualys Corporation |
| source | https://www.exploit-db.com/download/21603/ |
| title | iPlanet Web Server 4.1 - Search Component File Disclosure Vulnerability |
Nessus
| NASL family | Web Servers |
| NASL id | IPLANET_SEARCH.NASL |
| description | An attacker may be able to read arbitrary files on the remote web server, using the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 11043 |
| published | 2002-07-10 |
| reporter | This script is Copyright (C) 2002-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/11043 |
| title | iPlanet Search Engine search CGI Arbitrary File Access |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-07/0085.html
- http://archives.neohapsis.com/archives/bugtraq/2002-07/0085.html
- http://www.iss.net/security_center/static/9517.php
- http://www.iss.net/security_center/static/9517.php
- http://www.securityfocus.com/bid/5191
- http://www.securityfocus.com/bid/5191