PT-2002-2256 · Oracle · Iplanet Web Server

Published: 2002-11-21 · Updated: 2016-10-18 · CVE-2002-1315

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: iPlanet WebServer versions 4.x up to SP11
Description: A cross-site scripting (XSS) issue allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs. This could potentially be used to escalate privileges when combined with another issue.
Recommendations: For iPlanet WebServer versions 4.x up to SP11, consider disabling access to error logs to minimize the risk of exploitation until a fix is available. Restrict administrative access to the server to reduce the potential impact of this issue.


Related Identifiers

CVE-2002-1315

Affected Products

Iplanet Web Server