CVE-2002-1042

Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/5191	Exploit Patch Vendor Advisory
http://www.iss.net/security_center/static/9517.php	Patch Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2002-07/0085.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:enterprise:::::*
	cpe:2.3:a:sun:iplanet_web_server:4.1:sp10:enterprise:::::*
	cpe:2.3:a:sun:iplanet_web_server:4.1:sp5::::::
	cpe:2.3:a:sun:iplanet_web_server:4.1:sp6::::::
	cpe:2.3:a:sun:iplanet_web_server:4.1:sp8:enterprise:::::*
	cpe:2.3:a:sun:iplanet_web_server:4.1:sp9:enterprise:::::*
	cpe:2.3:a:netscape:enterprise_server:3.6:::::::*
	cpe:2.3:a:sun:iplanet_web_server:4.1:::::::*
	cpe:2.3:a:sun:iplanet_web_server:4.1:sp6:enterprise:::::*
	cpe:2.3:a:sun:iplanet_web_server:4.1:sp7::::::
	cpe:2.3:a:sun:iplanet_web_server:4.1:sp7:enterprise:::::*
	cpe:2.3:a:sun:one_web_server:6.0:sp3::::::
	cpe:2.3:a:sun:one_application_server:6.0:sp1::::::
	cpe:2.3:a:sun:iplanet_web_server:4.1:sp9::::::
	cpe:2.3:a:sun:iplanet_web_server:4.1:sp4:enterprise:::::*
	cpe:2.3:a:sun:iplanet_web_server:4.1:sp10::::::
	cpe:2.3:a:sun:iplanet_web_server:4.1:sp1::::::
	cpe:2.3:a:sun:one_application_server:6.0:::::::*
	cpe:2.3:a:sun:iplanet_web_server:4.1:sp3:enterprise:::::*
	cpe:2.3:a:sun:iplanet_web_server:4.1:sp5:enterprise:::::*
	cpe:2.3:a:sun:iplanet_web_server:4.1:sp2::::::
	cpe:2.3:a:sun:one_application_server:6.0:sp2::::::
	cpe:2.3:a:sun:iplanet_web_server:4.1:sp4::::::
	cpe:2.3:a:sun:iplanet_web_server:4.1:sp8::::::
	cpe:2.3:a:sun:iplanet_web_server:4.1:sp2:enterprise:::::*
	cpe:2.3:a:sun:iplanet_web_server:4.1:sp3::::::

Information

Published : 2002-10-03 21:00

Updated : 2008-09-05 13:29

NVD link : CVE-2002-1042

Mitre link : CVE-2002-1042

JSON object : View

CWE

NVD-CWE-Other

Products Affected

sun

iplanet_web_server
one_application_server
one_web_server

netscape

enterprise_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/5191", "name": "5191", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://www.iss.net/security_center/static/9517.php", "name": "iplanet-search-view-files(9517)", "tags": ["Patch", "Vendor Advisory"], "refsource": "XF"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0085.html", "name": "20020709 iPlanet Remote File Viewing", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\\ (dot-dot backslash) sequences in the NS-query-pat parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-1042", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2002-10-04T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp10:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp8:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp9:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:netscape:enterprise_server:3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:iplanet_web_server:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp6:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp7:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:one_application_server:6.0:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp4:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp10:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:one_application_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp3:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp5:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:one_application_server:6.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp2:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-09-05T20:29Z"}

5.0 /10