5

CVE-2002-1042

Exploit

Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter.

Data is provided by the National Vulnerability Database (NVD)
NetscapeEnterprise Server Version3.6
SunIplanet Web Server Version4.1
SunIplanet Web Server Version4.1 Updatesp1
SunIplanet Web Server Version4.1 Updatesp1 Editionenterprise
SunIplanet Web Server Version4.1 Updatesp10
SunIplanet Web Server Version4.1 Updatesp10 Editionenterprise
SunIplanet Web Server Version4.1 Updatesp2
SunIplanet Web Server Version4.1 Updatesp2 Editionenterprise
SunIplanet Web Server Version4.1 Updatesp3
SunIplanet Web Server Version4.1 Updatesp3 Editionenterprise
SunIplanet Web Server Version4.1 Updatesp4
SunIplanet Web Server Version4.1 Updatesp4 Editionenterprise
SunIplanet Web Server Version4.1 Updatesp5
SunIplanet Web Server Version4.1 Updatesp5 Editionenterprise
SunIplanet Web Server Version4.1 Updatesp6
SunIplanet Web Server Version4.1 Updatesp6 Editionenterprise
SunIplanet Web Server Version4.1 Updatesp7
SunIplanet Web Server Version4.1 Updatesp7 Editionenterprise
SunIplanet Web Server Version4.1 Updatesp8
SunIplanet Web Server Version4.1 Updatesp8 Editionenterprise
SunIplanet Web Server Version4.1 Updatesp9
SunIplanet Web Server Version4.1 Updatesp9 Editionenterprise
SunOne Application Server Version6.0
SunOne Application Server Version6.0 Updatesp1
SunOne Application Server Version6.0 Updatesp2
SunOne Web Server Version6.0 Updatesp3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 8.58% 0.92
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
http://www.securityfocus.com/bid/5191
Patch
Vendor Advisory
Exploit