Verity Ultraseek < 5.7 Multiple Vulnerabilities

critical Nessus Plugin ID 23651

Synopsis

The remote web server is affected by multiple issues.

Description

The remote host is running Ultraseek, an enterprise web search engine.

According to the version in its banner, the remote install of Ultraseek reportedly allows an unauthenticated, remote attacker to use the '/highlight/index.html' script as a proxy to launch web attacks or even enumerate internal addresses and ports.

The remote software also suffers from numerous information disclosure vulnerabilities through other scripts.

Solution

Upgrade to Ultraseek 5.7 or later.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-06-042/

https://www.securityfocus.com/archive/1/451847/30/0/threaded

http://www.ultraseek.com/support/docs/RELNOTES.txt

Plugin Details

Severity: Critical

ID: 23651

File Name: ultraseek_570.nasl

Version: 1.18

Type: remote

Family: CGI abuses

Published: 11/18/2006

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:hp:autonomy_ultraseek

Exploit Ease: No exploit is required

Vulnerability Publication Date: 11/15/2006

Reference Information

CVE: CVE-2006-5819

BID: 21120