← Back

CVE-2003-1577

nvd nist
Published: Feb 5, 2010Modified: Apr 29, 2026

JSON object

Loading...
2.6
Vector
AV:N/AC:H/Au:N/C:N/I:P/A:N
Exploitability: 4.9 / Impact: 2.9
Source: NVD

Description

Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files, and conduct cross-site scripting (XSS) attacks involving the iPlanet Log Analyzer, via an HTTP request in conjunction with a crafted DNS response, related to an "Inverse Lookup Log Corruption (ILLC)" issue, a different vulnerability than CVE-2002-1315 and CVE-2002-1316.

Affected (19)

Products: Sun: One Web Server
Sun
1 product
One Web Server
Configuration A
13 vulnerable
Vulnerable SoftwareAffected Versions
Sun
One Web Server
Up to 4.1
One Web Server
Version 4.1
One Web Server
Version 4.1 sp10
One Web Server
Version 4.1 sp11
One Web Server
Version 4.1 sp1
One Web Server
Version 4.1 sp2
One Web Server
Version 4.1 sp3
One Web Server
Version 4.1 sp4
One Web Server
Version 4.1 sp5
One Web Server
Version 4.1 sp6
One Web Server
Version 4.1 sp7
One Web Server
Version 4.1 sp8
One Web Server
Version 4.1 sp9
Configuration B
6 vulnerable
Vulnerable SoftwareAffected Versions
Sun
One Web Server
Up to 6.0
One Web Server
Version 6.0
One Web Server
Version 6.0 sp1
One Web Server
Version 6.0 sp2
One Web Server
Version 6.0 sp3
One Web Server
Version 6.0 sp4

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.