|
|
Family: CGI abuses --> Category: infos
Ultraseek < 5.7 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for Ultraseek < 5.7
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server is affected by multiple issues.
Description :
The remote host is running Ultraseek, an enterprise web search engine.
According to the version in its banner, an unauthenticated remote
attacker reportedly can use '/highlight/index.html' script on the
remote install of Ultraseek as a proxy to launch web attacks or even
enumerate internal addresses and ports.
In addition, the remote software also suffers from numerous
information disclosure vulnerabilities through other scripts.
See also :
http://www.zerodayinitiative.com/advisories/ZDI-06-042.html
http://www.securityfocus.com/archive/1/451847/30/0/threaded
http://www.ultraseek.com/support/docs/RELNOTES.txt
Solution :
Upgrade to Ultraseek 5.7 or later.
Threat Level:
Low / CVSS Base Score : 3.3
(AV:R/AC:L/Au:NR/C:N/I:C/A:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
