5.8 - VU#202753

Executive Summary

Summary
Title	Autonomy Ultraseek URL redirection vulnerability

Informations
Name	VU#202753	First vendor Publication	2009-01-28
Vendor	VU-CERT	Last vendor Modification	2009-01-28
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:P)
Cvss Base Score	5.8	Attack Range	Network
Cvss Impact Score	4.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#202753

Autonomy Ultraseek URL redirection vulnerability

Overview

The Autonomy Ultraseek search engine contains a URL redirection vulnerability that may allow an attacker to redirect website users to other sites.

I. Description

The Autonomy Ultraseek search engine contains a URL redirection vulnerability in the /cs.html?url= paramater. The destination URL can be obsfucated in the redirect by using URL encoding techniques. To exploit this issue, an attacker would need to get a user to click on a link or browse to a website.

II. Impact

An attacker may be able to redirect a user to any website.

III. Solution

Ultraseek administrators should contact Ultraseek support for information on how to obtain updated software that addresses this issue.

Workarounds

Using firewalls, reverse proxy servers, or web application firewalls to block URLs that contain the string /cs.html?url= may prevent some attackers from exploiting this vulnerablity. This workaournd can be evaded by URL obsfucation/encoding and will not be completely effective if the web server uses SSL.

Systems Affected

Vendor	Status	Date Notified	Date Updated
Ultraseek	Vulnerable	2009-01-08	2009-01-28
Verity, Inc.	Vulnerable	2009-01-08	2009-01-28

References

http://www.ultraseek.com/forums/thread.jspa?messageID=9818
http://www.ultraseek.com/articles/archives/2006/01/quick_links_in.html
http://www.owasp.org/index.php/Open_redirect
http://sunbeltblog.blogspot.com/2009/01/constant-stream-of-ultraseek-redirects.html

Credit

This document was written by Ryan Giobbi.

Other Information

Date Public:	2009-01-11
Date First Published:	2009-01-28
Date Last Updated:	2009-01-28
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Metric:	1.30
Document Revision:	14

Original Source

Url : http://www.kb.cert.org/vuls/id/202753

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-59	Improper Link Resolution Before File Access ('Link Following')

Open Source Vulnerability Database (OSVDB)

Id	Description
52927	Autonomy Ultraseek cs.html url Parameter Arbitrary Site Redirect

Snort® IPS/IDS

Date	Description
2014-01-10	Autonomy Ultraseek cs.html url parameter with url - possible malicious redire... RuleID : 26542 - Revision : 4 - Type : SERVER-OTHER

Global Informations

Type	Count
CWE ID(s)	1
osvdb(s)	1
Snort® Rule(s)	1

	Related
5.8	CVE-2009-0347
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)