The iPlanet WebServer v4.x up to SP11 contains vulnerabilities which allow remote root command execution by using a cross site scripting vulnerability to redirect the Administrator’s browser to a URL in a vulnerable perl script that will cause the open() command injection.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/30486/NGSEC-2002-4.txt
Source: https://packetstormsecurity.com/files/30486/Next-Generation-Security-Advisory-2002.4.html