Inktomi Search Software DoS Vulnerability
BID:1866
Info
Inktomi Search Software DoS Vulnerability
| Bugtraq ID: | 1866 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Oct 30 2000 12:00AM |
| Updated: | Oct 30 2000 12:00AM |
| Credit: | Discovered and posted in a USSR Labs <[email protected]> Security Advisory <USSR-2000056> on Oct 30, 2000. |
| Vulnerable: |
Inktomi Search Software 3.0 |
| Not Vulnerable: | |
Discussion
Inktomi Search Software DoS Vulnerability
Inktomi Search Software formerly Ultraseek Server, is a search engine for intranet or web site enviroments.
Inktomi Search Software is subject to a denial of service. If a user requests a malformed URL to the search engine on default port 8765 the service will stop responding. A restart of the service is required in order to gain normal functionality.
Example provided by USSR Labs <[email protected]>:
http://ServerIP:8765/index.html?&col=&ht=0&qs=&qc=&pw=100%25&ws=0&nh=10&lk=1 &rf=0&si=1&si=1&ql=../../../index
Inktomi Search Software formerly Ultraseek Server, is a search engine for intranet or web site enviroments.
Inktomi Search Software is subject to a denial of service. If a user requests a malformed URL to the search engine on default port 8765 the service will stop responding. A restart of the service is required in order to gain normal functionality.
Example provided by USSR Labs <[email protected]>:
http://ServerIP:8765/index.html?&col=&ht=0&qs=&qc=&pw=100%25&ws=0&nh=10&lk=1 &rf=0&si=1&si=1&ql=../../../index
Exploit / POC
Inktomi Search Software DoS Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].