Release DateDec 24, 2011 |
Severitymedium |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems |
DescriptionThis indicates a possible attempt to exploit a Cross Site Scripting vulnerability in the Admin Server for iPlanet WebServer.The vulnerability may allow remote attackers to execute a web script or HTML as the iPlanet administrator by injecting the desired script into error logs. It may also be possible to escalate privileges by using the XSS vulnerability in conjunction with another issue. |
Affected ProductsSun ONE Web Server 6.0 SP1 and earlier versions. |
Recommended ActionsUpgrade to Sun ONE Web Server 4.1 SP11 or later. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2002-1315 |
Reference/shttp://www.securityfocus.com/bid/6202 (BugTraq) |
