Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2002-1042 | First vendor Publication | 2002-10-04 |
| Vendor | Cve | Last vendor Modification | 2008-09-05 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1042 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 846 | iPlanet/One Web Server search Arbitrary File Access iPlanet/One Web Server contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the "search" script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "NS-query-pat" variable. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | iPlanet Search directory traversal attempt RuleID : 1828-community - Revision : 16 - Type : SERVER-WEBAPP |
| 2014-01-10 | iPlanet Search directory traversal attempt RuleID : 1828 - Revision : 16 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2002-07-10 | Name : The remote web server is hosting a CGI application that is affected by an inf... File : iplanet_search.nasl - Type : ACT_ATTACK |
Sources (Detail)
| Source | Url |
|---|---|
| BID | http://www.securityfocus.com/bid/5191 |
| BUGTRAQ | http://archives.neohapsis.com/archives/bugtraq/2002-07/0085.html |
| XF | http://www.iss.net/security_center/static/9517.php |
Alert History
| Date | Informations |
|---|---|
| 2021-05-04 12:01:45 |
|
| 2021-04-22 01:01:53 |
|
| 2020-05-23 00:15:04 |
|
| 2014-02-17 10:25:01 |
|
| 2014-01-19 21:21:47 |
|
| 2013-05-11 12:11:35 |
|
