Vulnerability Note VU#202753

Autonomy Ultraseek URL redirection vulnerability

Original Release date: 28 Jan 2009 | Last revised: 28 Jan 2009

Overview

The Autonomy Ultraseek search engine contains a URL redirection vulnerability that may allow an attacker to redirect website users to other sites.

Description

The Autonomy Ultraseek search engine contains a URL redirection vulnerability in the /cs.html?url= paramater. The destination URL can be obsfucated in the redirect by using URL encoding techniques. To exploit this issue, an attacker would need to get a user to click on a link or browse to a website.

Impact

An attacker may be able to redirect a user to any website.

Solution

Ultraseek administrators should contact Ultraseek support for information on how to obtain updated software that addresses this issue.

Workarounds

Using firewalls, reverse proxy servers, or web application firewalls to block URLs that contain the string /cs.html?url= may prevent some attackers from exploiting this vulnerablity. This workaournd can be evaded by URL obsfucation/encoding and will not be completely effective if the web server uses SSL.

Systems Affected

VendorStatusDate NotifiedDate Updated
UltraseekVulnerable08 Jan 200928 Jan 2009
Verity, Inc.Vulnerable08 Jan 200928 Jan 2009

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This document was written by Ryan Giobbi.

Other Information

  • CVE IDs: Unknown
  • Date Public: 11 Jan 2009
  • Date First Published: 28 Jan 2009
  • Date Last Updated: 28 Jan 2009
  • Severity Metric: 1.30
  • Document Revision: 14

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify

Document Feedback

Was this document helpful?   Yes   |   Somewhat   |  No