Description
Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Qualys Corporation · textremotemultiple
https://www.exploit-db.com/exploits/21603
References (3)
Core 3
Core References
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-07/0085.html
Patch, Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9517.php
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5191
Scores
EPSS
0.1055
EPSS Percentile
93.3%
Details
Status
published
Products (4)
netscape/enterprise_server
3.6
sun/iplanet_web_server
4.1 (21 CPE variants)
sun/one_application_server
6.0 (3 CPE variants)
sun/one_web_server
6.0 sp3
Published
Oct 04, 2002
Tracked Since
Feb 18, 2026