{"api_version":"1","generated_at":"2026-04-23T11:59:39+00:00","cve":"CVE-2009-0347","urls":{"html":"https://cve.report/CVE-2009-0347","api":"https://cve.report/api/cve/CVE-2009-0347.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2009-0347","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2009-0347"},"summary":{"title":"CVE-2009-0347","description":"Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.","state":"PUBLISHED","assigner":"mitre","published_at":"2009-01-29 19:30:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-59","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5.8","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/48336","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/48336","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/33500","name":"http://www.securityfocus.com/bid/33500","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Autonomy Ultraseek 'cs.html' URI Redirection Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.kb.cert.org/vuls/id/202753","name":"http://www.kb.cert.org/vuls/id/202753","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"],"title":"US-CERT Vulnerability Note VU#202753 - Autonomy Ultraseek URL redirection vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ultraseek.com/forums/thread.jspa?messageID=9818","name":"http://www.ultraseek.com/forums/thread.jspa?messageID=9818","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://sunbeltblog.blogspot.com/2009/01/constant-stream-of-ultraseek-redirects.html","name":"http://sunbeltblog.blogspot.com/2009/01/constant-stream-of-ultraseek-redirects.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Sunbelt Blog: The constant stream of Ultraseek redirects to malware","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2009-0347","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0347","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2009","cve_id":"347","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"autonomy","cpe5":"ultraseek","cpe6":"_nil_","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T04:31:25.849Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"http://sunbeltblog.blogspot.com/2009/01/constant-stream-of-ultraseek-redirects.html"},{"name":"VU#202753","tags":["third-party-advisory","x_refsource_CERT-VN","x_transferred"],"url":"http://www.kb.cert.org/vuls/id/202753"},{"name":"33500","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/33500"},{"name":"ultraseek-cs-phishing(48336)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/48336"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.ultraseek.com/forums/thread.jspa?messageID=9818"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2009-01-11T00:00:00.000Z","descriptions":[{"lang":"en","value":"Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-07T12:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_MISC"],"url":"http://sunbeltblog.blogspot.com/2009/01/constant-stream-of-ultraseek-redirects.html"},{"name":"VU#202753","tags":["third-party-advisory","x_refsource_CERT-VN"],"url":"http://www.kb.cert.org/vuls/id/202753"},{"name":"33500","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/33500"},{"name":"ultraseek-cs-phishing(48336)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/48336"},{"tags":["x_refsource_MISC"],"url":"http://www.ultraseek.com/forums/thread.jspa?messageID=9818"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2009-0347","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://sunbeltblog.blogspot.com/2009/01/constant-stream-of-ultraseek-redirects.html","refsource":"MISC","url":"http://sunbeltblog.blogspot.com/2009/01/constant-stream-of-ultraseek-redirects.html"},{"name":"VU#202753","refsource":"CERT-VN","url":"http://www.kb.cert.org/vuls/id/202753"},{"name":"33500","refsource":"BID","url":"http://www.securityfocus.com/bid/33500"},{"name":"ultraseek-cs-phishing(48336)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/48336"},{"name":"http://www.ultraseek.com/forums/thread.jspa?messageID=9818","refsource":"MISC","url":"http://www.ultraseek.com/forums/thread.jspa?messageID=9818"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2009-0347","datePublished":"2009-01-29T19:00:00.000Z","dateReserved":"2009-01-29T00:00:00.000Z","dateUpdated":"2024-08-07T04:31:25.849Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2009-01-29 19:30:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-59","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:autonomy:ultraseek:_nil_:*:*:*:*:*:*:*","matchCriteriaId":"CB6CE359-BDFF-4BA3-8D5C-C44BD522CE74"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2009","CveId":"347","Ordinal":"1","Title":"CVE-2009-0347","CVE":"CVE-2009-0347","Year":"2009"},"notes":[{"CveYear":"2009","CveId":"347","Ordinal":"1","NoteData":"Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.","Type":"Description","Title":"CVE-2009-0347"},{"CveYear":"2009","CveId":"347","Ordinal":"2","NoteData":"2009-01-29","Type":"Other","Title":"Published"},{"CveYear":"2009","CveId":"347","Ordinal":"3","NoteData":"2017-08-07","Type":"Other","Title":"Modified"}]}}}