Vulnerability Report

CVE-2002-1042

Title: iPlanet/Netscape Enterprise Server search engine directory traversal

Information disclosure

Proof Of Concept

PoC Available for CVE-2002-1042

CWE Category NVD-CWE-noinfo
Published Date Oct 04, 2002
Modified Date Apr 03, 2025
Exploit Status Available
Score 5.0 CVSS v2.0
Exploit Probability (EPSS)
10.55%

Vulnerability Summary

CVE-2002-1042: Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter.

Impacted Vendors

N
netscape 1
I
iplanet 1
S
sun 3
B
blackberry 1

Reference Links

http://archives.neohapsis.com/archives/bugtraq/2002-07/0085.html http://www.iss.net/security_center/static/9517.php http://www.securityfocus.com/bid/5191 http://archives.neohapsis.com/archives/bugtraq/2002-07/0085.html http://www.iss.net/security_center/static/9517.php http://www.securityfocus.com/bid/5191
CVSS v2.0
Source Entity [email protected]
Severity MEDIUM
5.0
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:L/Au:N/C:P/I:N/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2002-1042 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/21603
View Code
MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A
Complexity N/A
Privileges N/A
Interaction NONE
CVSS Vector String AV:N/AC:L/Au:N/C:P/I:N/A:N

Affected Stack

No specific products linked.