Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1316

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2002-1316
Last Modified 05 Sep 2008 04:30:17
Published 29 Nov 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2002-1316

Summary

importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue (CVE-2002-1315).

Vulnerable Systems

Application

  • Iplanet Web Server 4.1

  • Iplanet Web Server 4.1 Sp1

  • Iplanet Web Server 4.1 Sp10

  • Iplanet Web Server 4.1 Sp11

  • Iplanet Web Server 4.1 Sp2

  • Iplanet Web Server 4.1 Sp3

  • Iplanet Web Server 4.1 Sp4

  • Iplanet Web Server 4.1 Sp5

  • Iplanet Web Server 4.1 Sp6

  • Iplanet Web Server 4.1 Sp7

  • Iplanet Web Server 4.1 Sp8

  • Iplanet Web Server 4.1 Sp9


References

BID - 6203

MISC - http://www.ngsec.com/docs/advisories/NGSEC-2002-4.txt

XF - iplanet-perl-command-execution(10693)

SUNALERT - 49475

BUGTRAQ - 20021119 iPlanet WebServer, remote root compromise

VULNWATCH - 20021118 iPlanet WebServer, remote root compromise


Last Updated: 27 May 2016 10:37:16