CVE-2002-1316WEB Server vulnerability

3 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
2.0%
top 16.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Iplanet WEB Server
Timeline
PublishedNov 29
Latest updateApr 30

Description

importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue (CVE-2002-1315).

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDiplanet/iplanet_web_server12 versions+11

🔴Vulnerability Details

2
GHSA
GHSA-gx3x-pcq5-hjcw: importInfo in the Admin Server for iPlanet WebServer 42022-04-30
CVEList
CVE-2002-1316: importInfo in the Admin Server for iPlanet WebServer 42002-11-21
CVE-2002-1316 — Iplanet WEB Server vulnerability | cvebase