The Autonomy Ultraseek search engine contains a URL redirection vulnerability that may allow an attacker to redirect website users to other sites.
The Autonomy Ultraseek search engine contains a URL redirection vulnerability in the /cs.html?url= paramater. The destination URL can be obsfucated in the redirect by using URL encoding techniques. To exploit this issue, an attacker would need to get a user to click on a link or browse to a website.
An attacker may be able to redirect a user to any website.
Ultraseek administrators should contact Ultraseek support for information on how to obtain updated software that addresses this issue.
This document was written by Ryan Giobbi.
|Date First Published:||2009-01-28|
|Date Last Updated:||2009-01-28 21:19 UTC|