Vulnerability Description
importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue (CVE-2002-1315).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Iplanet | Iplanet Web Server | 4.1 |
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0078.htmlExploitVendor Advisory
- http://marc.info/?l=bugtraq&m=103772308030269&w=2
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-49475-1
- http://www.iss.net/security_center/static/10693.php
- http://www.ngsec.com/docs/advisories/NGSEC-2002-4.txt
- http://www.securityfocus.com/bid/6203
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0078.htmlExploitVendor Advisory
- http://marc.info/?l=bugtraq&m=103772308030269&w=2
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-49475-1
- http://www.iss.net/security_center/static/10693.php
- http://www.ngsec.com/docs/advisories/NGSEC-2002-4.txt
- http://www.securityfocus.com/bid/6203
FAQ
What is CVE-2002-1316?
CVE-2002-1316 is a vulnerability with a CVSS score of 6.8 (MEDIUM). importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remo...
How severe is CVE-2002-1316?
CVE-2002-1316 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1316?
Check the references section above for vendor advisories and patch information. Affected products include: Iplanet Iplanet Web Server.