GEN:SID 1:1828
Message WEB-MISC iPlanet Search directory traversal attempt
Summary This event is generated when an attempt is made to use a known
vulnerability in the search functionality of certain web servers to view
otherwise restricted files.
Impact If successful, this attack will allow an attacker to view the contents
of any file on the server.
Detailed Information The search engine in older versions of Netscape Enterprise Server and
its succesors uses HTML formatted pattern files to query users for
search paramters and return the results. The "NS-query-pat" command
allows clients to specify a pattern file other than the default.
Unfortunately, the search engine does not validate the filename
requested and allows clients to specify any file on the server, which is
then displayed to the client.
Affected Systems Netscape Enterprise Server 3.6 and earlier
    iPlanet Web Server 4.1
    iPlanet/Sun ONE Web Server 6.0 up to Service Pack 4
    Netscape Enterprise Server 6.0
Attack Scenarios An attacker could use this vulnerability to find user names and
passwords, SSL certificate files and related passwords, source code, or
just about any other information on the server.
Ease of Attack Simple. No exploit software required.
Corrective Action Disable the search engine or procure a patch from your web server vendor.
Additional References CVE
CAN-2002-1042
Rule References bugtraq: 5191
cve: 2002-1042
nessus: 11043