Vulnerability Details CVE-2002-1042
Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.075
EPSS Ranking 91.3%
CVSS Severity
CVSS v2 Score 5.0
References
- http://archives.neohapsis.com/archives/bugtraq/2002-07/0085.html
- http://www.iss.net/security_center/static/9517.php
- http://www.securityfocus.com/bid/5191
- http://archives.neohapsis.com/archives/bugtraq/2002-07/0085.html
- http://www.iss.net/security_center/static/9517.php
- http://www.securityfocus.com/bid/5191
Products affected by CVE-2002-1042
-
cpe:2.3:a:netscape:enterprise_server:3.6
-
cpe:2.3:a:sun:iplanet_web_server:4.1
-
cpe:2.3:a:sun:one_application_server:6.0
-
cpe:2.3:a:sun:one_web_server:6.0