Verity Ultraseek Information Disclosure and Request Proxying Vulnerabilities

Bugtraq ID:	21120
Class:	Input Validation Error
CVE:	CVE-2006-5819
Remote:	Yes
Local:	No
Published:	Nov 16 2006 12:00AM
Updated:	Nov 20 2006 10:10PM
Credit:	sullo and CIRT.net are credited with the discovery of this issue.
Vulnerable:	Verity Inc. Ultraseek 5.3.3
Not Vulnerable:	Verity Inc. Ultraseek 5.7

Verity Ultraseek Information Disclosure and Request Proxying Vulnerabilities

Verity Ultraseek is reported prone to a number of vulnerabilities.

Exploiting the vulnerabilities allows remote attackers to proxy attacks to internal networks and computers, to gain unauthorized access to unspecified information through a number of vulnerable scripts, and to retrieve the contents of arbitrary system files.

Verity Ultraseek versions prior to 5.7 are reported vulnerable to these issues.

Verity Ultraseek Information Disclosure and Request Proxying Vulnerabilities

An exploit is not required.

Verity Ultraseek Information Disclosure and Request Proxying Vulnerabilities

Solution:
Version 5.7 of the affected software reportedly deals with this issue.

Verity Ultraseek Information Disclosure and Request Proxying Vulnerabilities

References:

• Release Notes for Ultraseek 5.7 (Ultraseek)
  
• Ultraseek Product Page (Verity)
  
• ZDI-06-042 Verity Ultraseek Request Proxying Vulnerability (Zero Day Initiative)