CVE-2002-1042

Netscape Enterprise Server - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Qualys Corporation · textremotemultiple

https://www.exploit-db.com/exploits/21603

View Code ZIP pw:eip

References (3)

[Patch, Vendor Advisory] http://www.iss.net/security_center/static/9517.php

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/5191

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2002-07/0085.html

Scores

EPSS 0.1055

EPSS Percentile 93.1%

Classification

Status draft

Affected Products (26)

netscape/enterprise_server

sun/iplanet_web_server

sun/iplanet_web_server

sun/iplanet_web_server

sun/iplanet_web_server

sun/iplanet_web_server

sun/iplanet_web_server

sun/iplanet_web_server

sun/iplanet_web_server

sun/iplanet_web_server

sun/iplanet_web_server

sun/iplanet_web_server

sun/iplanet_web_server

sun/iplanet_web_server

sun/iplanet_web_server

... and 11 more

Timeline

Published Oct 04, 2002

Tracked Since Feb 18, 2026