Description
Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and possibly other versions, allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by David Litchfield · textremotemultiple
https://www.exploit-db.com/exploits/19443
References (3)
Core 3
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=93346448121208&w=2
Mailing List mailing-list
x_refsource_ntbugtraq
http://marc.info/?l=ntbugtraq&m=93337389603117&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/559
Scores
EPSS
0.0696
EPSS Percentile
91.5%
Details
Status
published
Products (1)
netscape/enterprise_server
< 3.5.1
Published
Jul 30, 1999
Tracked Since
Feb 18, 2026