Signature Detail
Short Name |
HTTP:PKG:NS-QUERY-PAT |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
HTTP |
Keywords |
iPlanet Directory Traversal |
Release Date |
2006/10/20 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: iPlanet Directory Traversal
This signature detects attempts to exploit a known vulnerability in the iPlanet Web Server search engine. If successful, an attacker can access any file on the Web server.
Extended Description
The iPlanet Web Server search engine is prone to a file disclosure vulnerability. It is possible for remote attackers to make requests to the search engine which will cause arbitrary readable files on the host running the vulnerable software to be disclosed to the attacker. This issue was reported for iPlanet Web Server on Microsoft Windows operating systems. Since the server typically runs in the SYSTEM context on these operating systems, it may be possible for an attacker to disclose the contents of arbitrary files. It has not been confirmed whether this vulnerability exists on other platforms that the software is compatible with. The search engine functionality does not appear to be available for versions of the software on Linux platforms. Netscape Enterprise Server 3.6 is also affected by this issue.
Affected Products
- Netscape Enterprise Server 3.6.0
- Sun iPlanet Web Server 4.1.0
- Sun iPlanet Web Server 4.1.0 SP1
- Sun iPlanet Web Server 4.1.0 SP10
- Sun iPlanet Web Server 4.1.0 SP2
- Sun iPlanet Web Server 4.1.0 SP3
- Sun iPlanet Web Server 4.1.0 SP4
- Sun iPlanet Web Server 4.1.0 SP5
- Sun iPlanet Web Server 4.1.0 SP6
- Sun iPlanet Web Server 4.1.0 SP7
- Sun iPlanet Web Server 4.1.0 SP8
- Sun iPlanet Web Server 4.1.0 SP9
- Sun iPlanet Web Server 6.0.0
- Sun iPlanet Web Server 6.0.0 SP1
- Sun iPlanet Web Server 6.0.0 SP2
- Sun iPlanet Web Server Enterprise 4.1 SP6
- Sun iPlanet Web Server Enterprise Edition 4.1.0
- Sun iPlanet Web Server Enterprise Edition 4.1.0 SP1
- Sun iPlanet Web Server Enterprise Edition 4.1.0 SP10
- Sun iPlanet Web Server Enterprise Edition 4.1.0 SP2
- Sun iPlanet Web Server Enterprise Edition 4.1.0 SP3
- Sun iPlanet Web Server Enterprise Edition 4.1.0 SP4
- Sun iPlanet Web Server Enterprise Edition 4.1.0 SP5
- Sun iPlanet Web Server Enterprise Edition 4.1.0 SP6
- Sun iPlanet Web Server Enterprise Edition 4.1.0 SP7
- Sun iPlanet Web Server Enterprise Edition 4.1.0 SP8
- Sun iPlanet Web Server Enterprise Edition 4.1.0 SP9
- Sun iPlanet Web Server Enterprise Edition 6.0.0
- Sun iPlanet Web Server Enterprise Edition 6.0.0 SP1
- Sun iPlanet Web Server Enterprise Edition 6.0.0 SP2
- Sun ONE Application Server 6.0.0
- Sun ONE Web Server 4.1.0 SP10
- Sun ONE Web Server 6.0.0
- Sun ONE Web Server 6.0.0 SP1
- Sun ONE Web Server 6.0.0 SP2
- Sun ONE Web Server 6.0.0 SP3
References
- BugTraq: 5191
- CVE: CVE-2002-1042