Description
Directory traversal vulnerability in iPlanet Certificate Management System 4.2 and Directory Server 4.12 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the Agent, End Entity, or Administrator services.
Exploits (2)
exploitdb
WRITEUP
VERIFIED
by CORE-SDI · textremotewindows
https://www.exploit-db.com/exploits/20325
exploitdb
WRITEUP
VERIFIED
by CORE-SDI · textremotewindows
https://www.exploit-db.com/exploits/20324
References (6)
Core 6
Core References
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-10/0383.html
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/1839
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5421
Various Sources x_refsource_confirm
http://www.iplanet.com/downloads/patches/0122.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/4086
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/486
Scores
EPSS
0.0401
EPSS Percentile
88.5%
Details
Status
published
Products (2)
netscape/directory_server
4.12
sun/iplanet_certificate_management_system
4.2
Published
Dec 11, 2000
Tracked Since
Feb 18, 2026