CVE-2002-1316

importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue (CVE-2002-1315).

Published: Nov 29, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-1316
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
iplanet / iplanet_web_server	4.1_sp8	4.1_sp8.x
iplanet / iplanet_web_server	4.1	4.1.x
iplanet / iplanet_web_server	4.1_sp11	4.1_sp11.x
iplanet / iplanet_web_server	4.1_sp4	4.1_sp4.x
iplanet / iplanet_web_server	4.1_sp2	4.1_sp2.x
iplanet / iplanet_web_server	4.1_sp5	4.1_sp5.x
iplanet / iplanet_web_server	4.1_sp1	4.1_sp1.x
iplanet / iplanet_web_server	4.1_sp10	4.1_sp10.x
iplanet / iplanet_web_server	4.1_sp7	4.1_sp7.x
iplanet / iplanet_web_server	4.1_sp9	4.1_sp9.x
iplanet / iplanet_web_server	4.1_sp6	4.1_sp6.x
iplanet / iplanet_web_server	4.1_sp3	4.1_sp3.x

Vulnerability Database

289,599

CVE-2002-1316