Netscape.Search.NS.Query.Pat.Directory.Traversal
Description
This indicates an attack attempt against a directory-traversal vulnerability in the search engine for iPlanet web server and Netscape Enterprise Server.
A vulnerability has been reported in the search engine for iPlanet web server and Netscape Enterprise Server that may allow an attacker to read arbitrary files on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "NS-query-pat" parameter value. An attacker may browser arbitrary files by sending a crafted HTTP request.
Affected Products
Sun ONE Web Server 6.0 SP3
Sun ONE Web Server 6.0 SP2
Sun ONE Web Server 6.0 SP1
Sun ONE Web Server 6.0
Sun ONE Web Server 4.1 SP10
Netscape Enterprise Server 3.6
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 6.0 SP2
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 6.0 SP1
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 6.0
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP9
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP8
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP7
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP6
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP5
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP4
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP3
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP2
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP10
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP1
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1
iPlanet E-Commerce Solutions iPlanet Web Server 6.0 SP2
iPlanet E-Commerce Solutions iPlanet Web Server 6.0 SP1
iPlanet E-Commerce Solutions iPlanet Web Server 6.0
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP9
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP8
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP7
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP6
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP5
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP4
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP3
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP2
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP10
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP1
iPlanet E-Commerce Solutions iPlanet Web Server 4.1
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the appropriate patch, available from the following web sites:
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP3
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP10
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP8
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP6
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP4
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP5
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP2
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP2
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP7
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP1
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP3
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP5
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP10
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP4
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP9
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP6
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP9
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP1
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP8
iPlanet E-Commerce Solutions iPlanet Web Server 4.1
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP7
* iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP11
Sun ONE Web Server 6.0
Sun ONE Web Server 6.0 SP2
Sun ONE Web Server 6.0 SP3
Sun ONE Web Server 6.0 SP1
* Sun ONE Web Server 6.0 Service Pack 4
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2018-11-21 | 13.495 | Default_action:pass:drop |