iPlanet Web Server search engine NS-query-pat file viewing

iplanet-search-view-files (9517) The risk level is classified as MediumMedium Risk

Description:

iPlanet Web Server (now known as Sun ONE Web Server) could allow a remote attacker to view any file on the server, caused by a vulnerability in iPlanet's search engine. A remote attacker could send a search command containing the path to a known file specified using "dot dot" sequences (\..\) as a value for the NS-query-pat parameter, which would cause the search engine to return the contents of the requested file.


Consequences:

Obtain Information

Remedy:

Apply the latest Service Pack as listed below. Refer to Sun Alert ID: 46127 for more information. See References.

Sun ONE Web Server: Service Pack 4 or later
iPlanet Web Server 4.1: Service Pack 11 or later

References:

  • BugTraq Mailing List, Tue Jul 09 2002 - 15:32:16 CDT: iPlanet Remote File Viewing.
  • Sun Alert ID: 46127: Sun ONE Web Server Arbitrary Remote File Viewing Vulnerability.
  • Sun Microsystems Web site: Sun ONE Web Server - Overview.
  • BID-5191: iPlanet Web Server Search Component File Disclosure Vulnerability
  • CVE-2002-1042: Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter.
  • OSVDB ID: 846: iPlanet/One Web Server search Arbitrary File Access

Platforms Affected:

  • HP HP-UX 11
  • IBM AIX 4.3.3
  • IBM AIX 5.1
  • Microsoft Windows 2003 Server
  • RedHat Linux 6.2
  • RedHat Linux 7.1
  • Sun iPlanet Web Server 4.1
  • Sun iPlanet Web Server 6.0
  • Sun Solaris 2.6
  • Sun Solaris 7.0
  • Sun Solaris 8
  • Sun Solaris 9

Reported:

Jul 09, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page