Vulnerability Details : CVE-2002-1042
Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter.
Vulnerability category: Directory traversal
Products affected by CVE-2002-1042
- cpe:2.3:a:sun:iplanet_web_server:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp10:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp5:*:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp6:*:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp8:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp9:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp6:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp7:*:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp7:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp8:*:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp2:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp3:*:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp3:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp4:*:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp10:*:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp2:*:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp4:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp5:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp9:*:*:*:*:*:*
- cpe:2.3:a:sun:one_application_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:one_application_server:6.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:sun:one_application_server:6.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*
- cpe:2.3:a:netscape:enterprise_server:3.6:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2002-1042
32.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2002-1042
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2002-1042
-
http://www.securityfocus.com/bid/5191
Exploit;Patch;Vendor Advisory
-
http://www.iss.net/security_center/static/9517.php
Patch;Vendor Advisory
-
http://archives.neohapsis.com/archives/bugtraq/2002-07/0085.html
Jump to