Vulnerabilities > CVE-2002-1042
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 25 |
Exploit-Db
| description | iPlanet Web Server 4.1 Search Component File Disclosure Vulnerability. CVE-2002-1042. Remote exploits for multiple platform |
| id | EDB-ID:21603 |
| last seen | 2016-02-02 |
| modified | 2002-07-09 |
| published | 2002-07-09 |
| reporter | Qualys Corporation |
| source | https://www.exploit-db.com/download/21603/ |
| title | iPlanet Web Server 4.1 - Search Component File Disclosure Vulnerability |
Nessus
| NASL family | Web Servers |
| NASL id | IPLANET_SEARCH.NASL |
| description | An attacker may be able to read arbitrary files on the remote web server, using the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 11043 |
| published | 2002-07-10 |
| reporter | This script is Copyright (C) 2002-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/11043 |
| title | iPlanet Search Engine search CGI Arbitrary File Access |