CVE-2002-1042
Summary
| CVE | CVE-2002-1042 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2002-10-04 04:00:00 UTC |
| Updated | 2008-09-05 20:29:00 UTC |
| Description | Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Netscape | Enterprise Server | 3.6 | All | All | All |
| Application | Netscape | Enterprise Server | 3.6 | All | All | All |
| Application | Sun | Iplanet Web Server | 4.1 | All | All | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp1 | All | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp1 | enterprise | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp10 | All | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp10 | enterprise | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp2 | All | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp2 | enterprise | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp3 | All | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp3 | enterprise | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp4 | All | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp4 | enterprise | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp5 | All | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp5 | enterprise | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp6 | All | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp6 | enterprise | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp7 | All | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp7 | enterprise | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp8 | All | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp8 | enterprise | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp9 | All | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp9 | enterprise | All |
| Application | Sun | Iplanet Web Server | 4.1 | All | All | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp1 | All | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp1 | enterprise | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp10 | All | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp10 | enterprise | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp2 | All | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp2 | enterprise | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp3 | All | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp3 | enterprise | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp4 | All | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp4 | enterprise | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp5 | All | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp5 | enterprise | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp6 | All | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp6 | enterprise | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp7 | All | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp7 | enterprise | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp8 | All | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp8 | enterprise | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp9 | All | All |
| Application | Sun | Iplanet Web Server | 4.1 | sp9 | enterprise | All |
| Application | Sun | One Application Server | 6.0 | All | All | All |
| Application | Sun | One Application Server | 6.0 | sp1 | All | All |
| Application | Sun | One Application Server | 6.0 | sp2 | All | All |
| Application | Sun | One Application Server | 6.0 | All | All | All |
| Application | Sun | One Application Server | 6.0 | sp1 | All | All |
| Application | Sun | One Application Server | 6.0 | sp2 | All | All |
| Application | Sun | One Web Server | 6.0 | sp3 | All | All |
| Application | Sun | One Web Server | 6.0 | sp3 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| ISS X-Force Database: iplanet-search-view-files (9517): iPlanet Web Server search engine NS-query-pat file viewing | XF | www.iss.net | Patch, Vendor Advisory |
| iPlanet Web Server Search Component File Disclosure Vulnerability | BID | www.securityfocus.com | Exploit, Patch, Vendor Advisory |
| 20020709 iPlanet Remote File Viewing | BUGTRAQ | archives.neohapsis.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.