CVE-2002-1315 : Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServ

Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs, and possibly escalating privileges by using the XSS vulnerability in conjunction with another issue (CVE-2002-1316).

Published 2002-11-29 05:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

Products affected by CVE-2002-1315

Iplanet » Iplanet Web Server » Version: 4.1 Sp7
cpe:2.3:a:iplanet:iplanet_web_server:4.1_sp7:*:*:*:*:*:*:*
Matching versions
Iplanet » Iplanet Web Server » Version: 4.1 Sp3
cpe:2.3:a:iplanet:iplanet_web_server:4.1_sp3:*:*:*:*:*:*:*
Matching versions
Iplanet » Iplanet Web Server » Version: 4.1 Sp4
cpe:2.3:a:iplanet:iplanet_web_server:4.1_sp4:*:*:*:*:*:*:*
Matching versions
Iplanet » Iplanet Web Server » Version: 4.1 Sp5
cpe:2.3:a:iplanet:iplanet_web_server:4.1_sp5:*:*:*:*:*:*:*
Matching versions
Iplanet » Iplanet Web Server » Version: 4.1 Sp6
cpe:2.3:a:iplanet:iplanet_web_server:4.1_sp6:*:*:*:*:*:*:*
Matching versions
Iplanet » Iplanet Web Server » Version: 4.1
cpe:2.3:a:iplanet:iplanet_web_server:4.1:*:*:*:*:*:*:*
Matching versions
Iplanet » Iplanet Web Server » Version: 4.1 Sp10
cpe:2.3:a:iplanet:iplanet_web_server:4.1_sp10:*:*:*:*:*:*:*
Matching versions
Iplanet » Iplanet Web Server » Version: 4.1 Sp11
cpe:2.3:a:iplanet:iplanet_web_server:4.1_sp11:*:*:*:*:*:*:*
Matching versions
Iplanet » Iplanet Web Server » Version: 4.1 Sp8
cpe:2.3:a:iplanet:iplanet_web_server:4.1_sp8:*:*:*:*:*:*:*
Matching versions
Iplanet » Iplanet Web Server » Version: 4.1 Sp9
cpe:2.3:a:iplanet:iplanet_web_server:4.1_sp9:*:*:*:*:*:*:*
Matching versions
Iplanet » Iplanet Web Server » Version: 4.1 Sp2
cpe:2.3:a:iplanet:iplanet_web_server:4.1_sp2:*:*:*:*:*:*:*
Matching versions
Iplanet » Iplanet Web Server » Version: 4.1 Sp1
cpe:2.3:a:iplanet:iplanet_web_server:4.1_sp1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2002-1315

EPSS FAQ

2.08%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 82 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2002-1315

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2002-1315

http://sunsolve.sun.com/search/document.do?assetkey=1-26-49475-1

CVEs referencing this url
http://marc.info/?l=bugtraq&m=103772308030269&w=2

'iPlanet WebServer, remote root compromise' - MARC

CVEs referencing this url
http://www.ngsec.com/docs/advisories/NGSEC-2002-4.txt

404 Not Found
Exploit;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/6202

Exploit
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0078.html

Exploit;Vendor Advisory

CVEs referencing this url
http://www.iss.net/security_center/static/10692.php

Exploit

Jump to

Vulnerability Details : CVE-2002-1315

Products affected by CVE-2002-1315

Exploit prediction scoring system (EPSS) score for CVE-2002-1315

CVSS scores for CVE-2002-1315

References for CVE-2002-1315