PT-2002-2257 · Oracle · Iplanet Web Server
Published: 2002-11-21 · Updated: 2016-10-18 · CVE-2002-1316
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
iPlanet WebServer versions 4.x up to SP11
Description:
The issue allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter. It may also be possible for remote attackers to exploit this issue via a separate XSS problem.
Recommendations:
For iPlanet WebServer versions 4.x up to SP11, consider restricting access to the Admin Server to minimize the risk of exploitation. As a temporary workaround, avoid using shell metacharacters in the dir parameter until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.
Affected Products
Iplanet Web Server