CVE DATABASE / CVE-2002-1042
CVE-2002-1042
CVSS 5 · MEDIUM
Summary
Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter.
CVSS 2.0 breakdown
| Base score | 5 (MEDIUM) |
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Confidentiality | PARTIAL |
| Integrity | NONE |
| Availability | NONE |
Affected products
Netscape enterprise serverSun iplanet web serverSun one application serverSun one web server
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://archives.neohapsis.com/archives/bugtraq/2002-07/0085.html
- http://www.iss.net/security_center/static/9517.php
- http://www.securityfocus.com/bid/5191
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.