CVE-2002-1315
Summary
| CVE | CVE-2002-1315 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2002-11-29 05:00:00 UTC |
| Updated | 2016-10-18 02:25:00 UTC |
| Description | Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs, and possibly escalating privileges by using the XSS vulnerability in conjunction with another issue (CVE-2002-1316). |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Iplanet | Iplanet Web Server | 4.1 | All | All | All |
| Application | Iplanet | Iplanet Web Server | 4.1_sp1 | All | All | All |
| Application | Iplanet | Iplanet Web Server | 4.1_sp10 | All | All | All |
| Application | Iplanet | Iplanet Web Server | 4.1_sp11 | All | All | All |
| Application | Iplanet | Iplanet Web Server | 4.1_sp2 | All | All | All |
| Application | Iplanet | Iplanet Web Server | 4.1_sp3 | All | All | All |
| Application | Iplanet | Iplanet Web Server | 4.1_sp4 | All | All | All |
| Application | Iplanet | Iplanet Web Server | 4.1_sp5 | All | All | All |
| Application | Iplanet | Iplanet Web Server | 4.1_sp6 | All | All | All |
| Application | Iplanet | Iplanet Web Server | 4.1_sp7 | All | All | All |
| Application | Iplanet | Iplanet Web Server | 4.1_sp8 | All | All | All |
| Application | Iplanet | Iplanet Web Server | 4.1_sp9 | All | All | All |
| Application | Iplanet | Iplanet Web Server | 4.1 | All | All | All |
| Application | Iplanet | Iplanet Web Server | 4.1_sp1 | All | All | All |
| Application | Iplanet | Iplanet Web Server | 4.1_sp10 | All | All | All |
| Application | Iplanet | Iplanet Web Server | 4.1_sp11 | All | All | All |
| Application | Iplanet | Iplanet Web Server | 4.1_sp2 | All | All | All |
| Application | Iplanet | Iplanet Web Server | 4.1_sp3 | All | All | All |
| Application | Iplanet | Iplanet Web Server | 4.1_sp4 | All | All | All |
| Application | Iplanet | Iplanet Web Server | 4.1_sp5 | All | All | All |
| Application | Iplanet | Iplanet Web Server | 4.1_sp6 | All | All | All |
| Application | Iplanet | Iplanet Web Server | 4.1_sp7 | All | All | All |
| Application | Iplanet | Iplanet Web Server | 4.1_sp8 | All | All | All |
| Application | Iplanet | Iplanet Web Server | 4.1_sp9 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 20021119 iPlanet WebServer, remote root compromise | BUGTRAQ | marc.info | |
| 20021118 iPlanet WebServer, remote root compromise | VULNWATCH | archives.neohapsis.com | Exploit, Vendor Advisory |
| 404 Not Found | MISC | www.ngsec.com | Exploit, Vendor Advisory |
| iPlanet Admin Server Cross Site Scripting Vulnerability | BID | www.securityfocus.com | Exploit |
| ISS X-Force Database: iplanet-admin-log-xss (10692): iPlanet (Sun ONE) Web Server admin error log cross-site scripting | XF | www.iss.net | Exploit |
| #49475: Security Vulnerabilities with Sun ONE Web Server 4.1SP11 and Earlier java.lang.NullPointerException | SUNALERT | sunsolve.sun.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.