Vulnerability Note VU#202753

Autonomy Ultraseek URL redirection vulnerability

Overview

The Autonomy Ultraseek search engine contains a URL redirection vulnerability that may allow an attacker to redirect website users to other sites.

I. Description

The Autonomy Ultraseek search engine contains a URL redirection vulnerability in the /cs.html?url= paramater. The destination URL can be obsfucated in the redirect by using URL encoding techniques. To exploit this issue, an attacker would need to get a user to click on a link or browse to a website.

II. Impact

An attacker may be able to redirect a user to any website.

III. Solution

Ultraseek administrators should contact Ultraseek support for information on how to obtain updated software that addresses this issue.

Workarounds

Using firewalls, reverse proxy servers, or web application firewalls to block URLs that contain the string /cs.html?url= may prevent some attackers from exploiting this vulnerablity. This workaournd can be evaded by URL obsfucation/encoding and will not be completely effective if the web server uses SSL.

Systems Affected

Vendor	Status	Date Notified	Date Updated
Ultraseek	Vulnerable	2009-01-08	2009-01-28
Verity, Inc.	Vulnerable	2009-01-08	2009-01-28

References

http://www.ultraseek.com/forums/thread.jspa?messageID=9818
http://www.ultraseek.com/articles/archives/2006/01/quick_links_in.html
http://www.owasp.org/index.php/Open_redirect
http://sunbeltblog.blogspot.com/2009/01/constant-stream-of-ultraseek-redirects.html

Credit

This document was written by Ryan Giobbi.

Other Information

Date Public:	2009-01-11
Date First Published:	2009-01-28
Date Last Updated:	2009-01-28
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Metric:	1.30
Document Revision:	14

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Produced 2009 by US-CERT, a government organization
Disclaimers and copyright information

Get Adobe Reader