Vulnerability Name: CVE-2002-1315 (CCN-10692)

Assigned: 2002-11-19
Published: 2002-11-19
Updated: 2016-10-18
Summary: Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs, and possibly escalating privileges by using the XSS vulnerability in conjunction with another issue (CVE-2002-1316).
CVSS v3 Severity: 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: CCN
Type: BugTraq Mailing List, Mon Nov 18 2002 - 21:58:26 CST
iPlanet WebServer, remote root compromise

Source: VULNWATCH
Type: Exploit, Vendor Advisory
20021118 iPlanet WebServer, remote root compromise

Source: MITRE
Type: CNA
CVE-2002-1315

Source: BUGTRAQ
Type: UNKNOWN
20021119 iPlanet WebServer, remote root compromise

Source: CCN
Type: Sun Alert ID: 49475
Security Vulnerabilities with Sun ONE Web Server 4.1SP11 and Earlier

Source: SUNALERT
Type: UNKNOWN
49475

Source: XF
Type: Exploit
iplanet-admin-log-xss(10692)

Source: CCN
Type: Next Generation Security Technologies Security Advisory NGSEC-2002-4
iPlanet WebServer, remote root compromise

Source: MISC
Type: Exploit, Vendor Advisory
http://www.ngsec.com/docs/advisories/NGSEC-2002-4.txt

Source: CCN
Type: OSVDB ID: 14523
Sun iPlanet WebServer Admin Server Error Log XSS

Source: CCN
Type: OSVDB ID: 14524
iPlanet WebServer Admin Server Perl Script open() Function Arbitrary Command Execution

Source: CCN
Type: OSVDB ID: 62234
Sun ONE Web Server iPlanet Log Analyzer Crafted DNS Response Inverse Lookup Log Corruption XSS

Source: CCN
Type: OSVDB ID: 9220
Sun ONE/iPlanet Web Server Admin Server Error Log XSS

Source: BID
Type: Exploit
6202

Source: CCN
Type: BID-6202
iPlanet Admin Server Cross Site Scripting Vulnerability

Source: CCN
Type: Sun Microsystems Web site
Sun ONE Web Server - Overview

Source: XF
Type: UNKNOWN
iplanet-admin-log-xss(10692)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:iplanet:iplanet_web_server:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:iplanet:iplanet_web_server:4.1_sp1:*:*:*:*:*:*:*
  • OR cpe:/a:iplanet:iplanet_web_server:4.1_sp2:*:*:*:*:*:*:*
  • OR cpe:/a:iplanet:iplanet_web_server:4.1_sp3:*:*:*:*:*:*:*
  • OR cpe:/a:iplanet:iplanet_web_server:4.1_sp4:*:*:*:*:*:*:*
  • OR cpe:/a:iplanet:iplanet_web_server:4.1_sp5:*:*:*:*:*:*:*
  • OR cpe:/a:iplanet:iplanet_web_server:4.1_sp6:*:*:*:*:*:*:*
  • OR cpe:/a:iplanet:iplanet_web_server:4.1_sp7:*:*:*:*:*:*:*
  • OR cpe:/a:iplanet:iplanet_web_server:4.1_sp8:*:*:*:*:*:*:*
  • OR cpe:/a:iplanet:iplanet_web_server:4.1_sp9:*:*:*:*:*:*:*
  • OR cpe:/a:iplanet:iplanet_web_server:4.1_sp10:*:*:*:*:*:*:*
  • OR cpe:/a:iplanet:iplanet_web_server:4.1_sp11:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:sun:iplanet_web_server:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:iplanet_web_server:4.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:sun:iplanet_web_server:4.1:sp10:*:*:*:*:*:*
  • OR cpe:/a:sun:iplanet_web_server:4.1:sp2:*:*:*:*:*:*
  • OR cpe:/a:sun:iplanet_web_server:4.1:sp3:*:*:*:*:*:*
  • OR cpe:/a:sun:iplanet_web_server:4.1:sp4:*:*:*:*:*:*
  • OR cpe:/a:sun:iplanet_web_server:4.1:sp5:*:*:*:*:*:*
  • OR cpe:/a:sun:iplanet_web_server:4.1:sp6:*:*:*:*:*:*
  • OR cpe:/a:sun:iplanet_web_server:4.1:sp7:*:*:*:*:*:*
  • OR cpe:/a:sun:iplanet_web_server:4.1:sp8:*:*:*:*:*:*
  • OR cpe:/a:sun:iplanet_web_server:4.1:sp9:*:*:*:*:*:*
  • OR cpe:/a:sun:iplanet_web_server:4.1:sp11:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    iplanet iplanet web server 4.1
    iplanet iplanet web server 4.1_sp1
    iplanet iplanet web server 4.1_sp2
    iplanet iplanet web server 4.1_sp3
    iplanet iplanet web server 4.1_sp4
    iplanet iplanet web server 4.1_sp5
    iplanet iplanet web server 4.1_sp6
    iplanet iplanet web server 4.1_sp7
    iplanet iplanet web server 4.1_sp8
    iplanet iplanet web server 4.1_sp9
    iplanet iplanet web server 4.1_sp10
    iplanet iplanet web server 4.1_sp11
    sun iplanet web server 4.1
    sun iplanet web server 4.1 sp1
    sun iplanet web server 4.1 sp10
    sun iplanet web server 4.1 sp2
    sun iplanet web server 4.1 sp3
    sun iplanet web server 4.1 sp4
    sun iplanet web server 4.1 sp5
    sun iplanet web server 4.1 sp6
    sun iplanet web server 4.1 sp7
    sun iplanet web server 4.1 sp8
    sun iplanet web server 4.1 sp9
    sun iplanet web server 4.1 sp11