CVE-2002-1315

Name of the Vulnerable Software and Affected Versions: iPlanet WebServer versions 4.x up to SP11

Description: A cross-site scripting (XSS) issue allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs. This could potentially be used to escalate privileges when combined with another issue.

Recommendations: For iPlanet WebServer versions 4.x up to SP11, consider disabling access to error logs to minimize the risk of exploitation until a fix is available. Restrict administrative access to the server to reduce the potential impact of this issue.