Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1315

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2002-1315
Last Modified 05 Sep 2008 04:30:17
Published 29 Nov 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2002-1315

Summary

Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs, and possibly escalating privileges by using the XSS vulnerability in conjunction with another issue (CVE-2002-1316).

Vulnerable Systems

Application

  • Iplanet Web Server 4.1

  • Iplanet Web Server 4.1 Sp1

  • Iplanet Web Server 4.1 Sp10

  • Iplanet Web Server 4.1 Sp11

  • Iplanet Web Server 4.1 Sp2

  • Iplanet Web Server 4.1 Sp3

  • Iplanet Web Server 4.1 Sp4

  • Iplanet Web Server 4.1 Sp5

  • Iplanet Web Server 4.1 Sp6

  • Iplanet Web Server 4.1 Sp7

  • Iplanet Web Server 4.1 Sp8

  • Iplanet Web Server 4.1 Sp9


References

BID - 6202

MISC - http://www.ngsec.com/docs/advisories/NGSEC-2002-4.txt

XF - iplanet-admin-log-xss(10692)

SUNALERT - 49475

BUGTRAQ - 20021119 iPlanet WebServer, remote root compromise

VULNWATCH - 20021118 iPlanet WebServer, remote root compromise


Last Updated: 27 May 2016 10:37:16