Info

Disclosure

Nov 15, 2006

Discovery

Feb 01, 2006

Dates

Exploit

Nov 16, 2006

Solution

Unknown

Description

Ultraseek allows attackers to use the highlight feature to load remote pages. Full URLs sent to the "url" parameter of /highlight/index.html will be loaded by the Ultraseek server, then sent to the browser. This can be used to load URLs the web server running Ultraseek can contact which may not be accessible from the client. Through the same parameter, error messages can determine the existence of hosts, and determine if ports are open. It may also execute script code contained in the loaded HTML.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Upgrade to version 5.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Verity	Ultraseek	5.5.0
		5.6.0
		5.6.1
		5.6.2

References

CVE ID: 2006-5819 (see also: NVD)
Secunia Advisory ID: 22892
Related OSVDB ID: 30287 30288 30289
ISS X-Force ID: 30311
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0289.html
Other Advisory URL: http://zerodayinitiative.com/advisories/ZDI-06-042.html

Credit

Sullo - sullocirt.net - cirt.net

Direct URL: http://osvdb.org/36218