CVE-2002-1042
First published: Sat Aug 31 2002(Updated: )
Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sun ONE Web Server | =6.0-sp3 | |
| Sun ONE Application Server | =6.0-sp1 | |
| iPlanet Web Server | =4.1-sp9 | |
| iPlanet Web Server | =4.1-sp4 | |
| iPlanet Web Server | =4.1-sp10 | |
| iPlanet Web Server | =4.1-sp1 | |
| iPlanet Web Server | =4.1-sp7 | |
| Sun ONE Application Server | =6.0 | |
| iPlanet Web Server | =4.1-sp1 | |
| Netscape Enterprise Server | =3.6 | |
| iPlanet Web Server | =4.1-sp3 | |
| iPlanet Web Server | =4.1-sp8 | |
| iPlanet Web Server | =4.1-sp9 | |
| iPlanet Web Server | =4.1-sp5 | |
| iPlanet Web Server | =4.1-sp10 | |
| iPlanet Web Server | =4.1 | |
| iPlanet Web Server | =4.1-sp2 | |
| iPlanet Web Server | =4.1-sp6 | |
| Sun ONE Application Server | =6.0-sp2 | |
| iPlanet Web Server | =4.1-sp4 | |
| iPlanet Web Server | =4.1-sp6 | |
| iPlanet Web Server | =4.1-sp8 | |
| iPlanet Web Server | =4.1-sp7 | |
| iPlanet Web Server | =4.1-sp5 | |
| iPlanet Web Server | =4.1-sp2 | |
| iPlanet Web Server | =4.1-sp3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2002-1042?
CVE-2002-1042 is considered a medium severity vulnerability due to its potential to allow unauthorized file access.
How do I fix CVE-2002-1042?
To fix CVE-2002-1042, apply the latest service pack or patch provided by the vendor for the affected software.
What software is affected by CVE-2002-1042?
CVE-2002-1042 affects iPlanet Web Server and Sun ONE Web Server on specific versions running on Windows platforms.
What type of attack does CVE-2002-1042 facilitate?
CVE-2002-1042 facilitates directory traversal attacks, allowing remote attackers to read arbitrary server files.
When was CVE-2002-1042 disclosed?
CVE-2002-1042 was disclosed in July 2002, highlighting vulnerabilities in early web server software.
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/sun
- canonical/sun one web server
- version/sun one web server/6.0-sp3
- canonical/sun one application server
- version/sun one application server/6.0-sp1
- canonical/iplanet web server
- version/iplanet web server/4.1-sp9
- version/iplanet web server/4.1-sp4
- version/iplanet web server/4.1-sp10
- version/iplanet web server/4.1-sp1
- version/iplanet web server/4.1-sp7
- version/sun one application server/6.0
- vendor/netscape
- canonical/netscape enterprise server
- version/netscape enterprise server/3.6
- version/iplanet web server/4.1-sp3
- version/iplanet web server/4.1-sp8
- version/iplanet web server/4.1-sp5
- version/iplanet web server/4.1
- version/iplanet web server/4.1-sp2
- version/iplanet web server/4.1-sp6
- version/sun one application server/6.0-sp2