CVE-2002-1042

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
04/10/2002
Last modified:
03/04/2025

Description

Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:netscape:enterprise_server:3.6:*:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:*:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:enterprise:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp10:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp10:enterprise:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp2:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp2:enterprise:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp3:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp3:enterprise:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp4:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp4:enterprise:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp5:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp5:enterprise:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp6:*:*:*:*:*:*