VID |
22440 |
Severity |
40 |
Port |
8765 |
Protocol |
TCP |
Class |
WWW |
Detailed Description |
According to its banner, the remote Verity Ultraseek server has multiple information disclosure vulnerabilities. Verity Ultraseek is Web-based enterprise search engine software for Unix and Microsoft Windows platforms. Verity Ultraseek versions prior to 5.7 could allow a remote attacker to use the server as a proxy for web attacks, or to enumerate internal systems and open ports, via a direct request to the highlight/index.html script. In addition, the installed version suffers from numerous information disclosure vulnerabilities through other scripts.
* Note: This check relies solely on the banner of the remote HTTP server to assess this vulnerability, so the result might be a false positive.
* References:
  http://www.ultraseek.com/support/docs/RELNOTES.txt
  http://www.zerodayinitiative.com/advisories/ZDI-06-042.html
  http://www.securityfocus.com/archive/1/451847/30/0/threaded
  http://www.kb.cert.org/vuls/id/559616
  http://securitytracker.com/id?1017235
  http://secunia.com/advisories/22892/
* Platforms Affected: Verity Ultraseek versions prior to 5.7; any operating system, any version |
Recommendation |
Upgrade to the latest version of Verity Ultraseek (5.7 or later), available from the Verity Download Center Web page at http://downloadcenter.verity.com/dlc/index.jsp |
Related URL |
CVE-2006-5819 (CVE) |
Related URL |
21120 (SecurityFocus) |
Related URL |
30311 (ISS) |
|