2.6

CVE-2003-1577

Exploit

Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files, and conduct cross-site scripting (XSS) attacks involving the iPlanet Log Analyzer, via an HTTP request in conjunction with a crafted DNS response, related to an "Inverse Lookup Log Corruption (ILLC)" issue, a different vulnerability than CVE-2002-1315 and CVE-2002-1316.

Data is provided by the National Vulnerability Database (NVD)
SunOne Web Server Version <= 4.1 Update sp12
SunOne Web Server Version 4.1
SunOne Web Server Version 4.1 Update sp1
SunOne Web Server Version 4.1 Update sp10
SunOne Web Server Version 4.1 Update sp11
SunOne Web Server Version 4.1 Update sp2
SunOne Web Server Version 4.1 Update sp3
SunOne Web Server Version 4.1 Update sp4
SunOne Web Server Version 4.1 Update sp5
SunOne Web Server Version 4.1 Update sp6
SunOne Web Server Version 4.1 Update sp7
SunOne Web Server Version 4.1 Update sp8
SunOne Web Server Version 4.1 Update sp9
SunOne Web Server Version <= 6.0 Update sp5
SunOne Web Server Version 6.0
SunOne Web Server Version 6.0 Update sp1
SunOne Web Server Version 6.0 Update sp2
SunOne Web Server Version 6.0 Update sp3
SunOne Web Server Version 6.0 Update sp4
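No CISA KEV or CERT.AT warning was found for this CVE.

EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 0.3% | 0.5 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector string |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 2.6 | 4.9 | 2.9 | AV:N/AC:H/Au:N/C:N/I:P/A:N |
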
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.