CVE-2006-5819
Verity Ultraseek Request Proxying Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Verity Ultraseek before 5.7 allows remote attackers to use the server as a proxy for web attacks and host scanning via a direct request to the highlight/index.html script.
Verity Ultraseek anterior a 5.7 permite a un atacante remoto usar el servidor como proxy para ataques web y escaneo de host a través de respuesta directa a la secuencia de comandos highlight/index.html.
This vulnerability allows remote attackers to proxy web attacks and scan internal hosts through vulnerable installations of Verity Ultraseek. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the highlight script used to highlight search terms on spidered pages. An attacker can directly access the highlight script at '/highlight/index.html' to pass parameters to and retrieve content from arbitrary URLs. The same script can also be abused to enumerate otherwise inaccessible internal addresses and open ports.
Ultraseek also exposes various information disclosure vulnerabilities through the following scripts:
/help/urlstatusgo.html/help/header.html/help/footer.html/spell.html/coreforma.html/daterange.html/hits.html/hitsnavbottom.html/indexform.html/indexforma.html/languages.html/nohits.html/onehit1.html/onehit2.html/query.html/queryform0.html/queryform0a.html/queryform1.html/queryform1a.html/queryform2.html/queryform2a.html/quicklinks.html/relatedtopics.html/signin.html/subtopics.html/thesaurus.html/topics.html/hitspagebar.html/highlight/highlight.html/highlight/highlight_one.html/highlight/topnav.html
Authenticated Ultraseek users can further abuse another vulnerability to retrieve arbitrary file contents from the underyling server through the '/admin/logfile.txt' script.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-11-08 CVE Reserved
- 2006-11-15 CVE Published
- 2024-01-13 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://securitytracker.com/id?1017235 | Vdb Entry | |
| http://www.kb.cert.org/vuls/id/559616 | Third Party Advisory |
|
| http://www.securityfocus.com/archive/1/451847/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/21120 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/30311 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.osvdb.org/22892 | 2018-10-17 | |
| http://www.osvdb.org/30286 | 2018-10-17 | |
| http://www.ultraseek.com/support/docs/RELNOTES.txt | 2018-10-17 | |
| http://www.zerodayinitiative.com/advisories/ZDI-06-042.html | 2018-10-17 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Verity Search vendor "Verity" | Ultraseek Search vendor "Verity" for product "Ultraseek" | <= 5.6.2 Search vendor "Verity" for product "Ultraseek" and version " <= 5.6.2" | - |
Affected
| ||||||
| Verity Search vendor "Verity" | Ultraseek Search vendor "Verity" for product "Ultraseek" | 5.2.1 Search vendor "Verity" for product "Ultraseek" and version "5.2.1" | - |
Affected
| ||||||
| Verity Search vendor "Verity" | Ultraseek Search vendor "Verity" for product "Ultraseek" | 5.5.0 Search vendor "Verity" for product "Ultraseek" and version "5.5.0" | - |
Affected
| ||||||
| Verity Search vendor "Verity" | Ultraseek Search vendor "Verity" for product "Ultraseek" | 5.6.0 Search vendor "Verity" for product "Ultraseek" and version "5.6.0" | - |
Affected
| ||||||
| Verity Search vendor "Verity" | Ultraseek Search vendor "Verity" for product "Ultraseek" | 5.6.1 Search vendor "Verity" for product "Ultraseek" and version "5.6.1" | - |
Affected
| ||||||