Netscape.Search.NS.Query.Pat.Directory.Traversal

description-logoDescription

This indicates an attack attempt against a directory-traversal vulnerability in the search engine for iPlanet web server and Netscape Enterprise Server.
A vulnerability has been reported in the search engine for iPlanet web server and Netscape Enterprise Server that may allow an attacker to read arbitrary files on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "NS-query-pat" parameter value. An attacker may browser arbitrary files by sending a crafted HTTP request.

affected-products-logoAffected Products

Sun ONE Web Server 6.0 SP3
Sun ONE Web Server 6.0 SP2
Sun ONE Web Server 6.0 SP1
Sun ONE Web Server 6.0
Sun ONE Web Server 4.1 SP10
Netscape Enterprise Server 3.6
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 6.0 SP2
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 6.0 SP1
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 6.0
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP9
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP8
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP7
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP6
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP5
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP4
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP3
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP2
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP10
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP1
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1
iPlanet E-Commerce Solutions iPlanet Web Server 6.0 SP2
iPlanet E-Commerce Solutions iPlanet Web Server 6.0 SP1
iPlanet E-Commerce Solutions iPlanet Web Server 6.0
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP9
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP8
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP7
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP6
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP5
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP4
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP3
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP2
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP10
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP1
iPlanet E-Commerce Solutions iPlanet Web Server 4.1

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Apply the appropriate patch, available from the following web sites:
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP3
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP10
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP8
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP6
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP4
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP5
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP2
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP2
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP7
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP1
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP3
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP5
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP10
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP4
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP9
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP6
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP9
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP1
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP8
iPlanet E-Commerce Solutions iPlanet Web Server 4.1
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP7
* iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP11
Sun ONE Web Server 6.0
Sun ONE Web Server 6.0 SP2
Sun ONE Web Server 6.0 SP3
Sun ONE Web Server 6.0 SP1
* Sun ONE Web Server 6.0 Service Pack 4

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2018-11-21 13.495 Default_action:pass:drop