CVE-2002-1316: XSS
First published: Thu Nov 21 2002(Updated: )
importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue (CVE-2002-1315).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| iPlanet Web Server | =4.1 | |
| iPlanet Web Server | =4.1_sp1 | |
| iPlanet Web Server | =4.1_sp2 | |
| iPlanet Web Server | =4.1_sp3 | |
| iPlanet Web Server | =4.1_sp4 | |
| iPlanet Web Server | =4.1_sp5 | |
| iPlanet Web Server | =4.1_sp6 | |
| iPlanet Web Server | =4.1_sp7 | |
| iPlanet Web Server | =4.1_sp8 | |
| iPlanet Web Server | =4.1_sp9 | |
| iPlanet Web Server | =4.1_sp10 | |
| iPlanet Web Server | =4.1_sp11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0078.html
- http://www.ngsec.com/docs/advisories/NGSEC-2002-4.txt
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-49475-1
- http://www.securityfocus.com/bid/6203
- http://www.iss.net/security_center/static/10693.php
- http://marc.info/?l=bugtraq&m=103772308030269&w=2
Frequently Asked Questions
What is the severity of CVE-2002-1316?
CVE-2002-1316 is considered a high-severity vulnerability due to the ability for web administrators to execute arbitrary commands.
How do I fix CVE-2002-1316?
To fix CVE-2002-1316, upgrade to a newer, patched version of iPlanet Web Server beyond SP11.
What versions of iPlanet Web Server are affected by CVE-2002-1316?
CVE-2002-1316 affects iPlanet Web Server versions 4.1 up to SP11, including all SP versions from 1 to 11.
Can CVE-2002-1316 be exploited remotely?
Yes, CVE-2002-1316 may allow remote attackers to exploit the vulnerability through shell metacharacters in the dir parameter.
What is the relationship between CVE-2002-1316 and CVE-2002-1315?
CVE-2002-1316 may be leveraged together with CVE-2002-1315, which pertains to a cross-site scripting (XSS) issue.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/iplanet
- product/iplanet web server
- canonical/iplanet iplanet web server
- canonical/iplanet web server
- version/iplanet web server/4.1
- version/iplanet web server/4.1_sp1
- version/iplanet web server/4.1_sp2
- version/iplanet web server/4.1_sp3
- version/iplanet web server/4.1_sp4
- version/iplanet web server/4.1_sp5
- version/iplanet web server/4.1_sp6
- version/iplanet web server/4.1_sp7
- version/iplanet web server/4.1_sp8
- version/iplanet web server/4.1_sp9
- version/iplanet web server/4.1_sp10
- version/iplanet web server/4.1_sp11