CVE-2009-0347
Published 2009-01-29
Priority P424 · medium · 5.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:P
EXPLOIT
EPSS: 10.26% (95.1th percentile)
Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| autonomy | ultraseek | — | — |
No detection rules found.
Exploit-DB
Autonomy Ultraseek - 'cs.html' Open Redirection
exploitdb·2009-01-28
---
source: https://www.securityfocus.com/bid/33500/info
Autonomy Ultraseek is prone to a remote URI-redirection vulnerability because the application fails to properly sanitize user-supplied input.
A successful exploit may aid in phishing attacks.
http://www.example.com/cs.html?url=http://www.example2.com
Nuclei
Autonomy Ultraseek - Open Redirect
nuclei·CVSS 5.8
Template:
```yaml
id: CVE-2009-0347
info:
  name: Autonomy Ultraseek - Open Redirect
  author: ctflearner
  severity: medium
  description: |
    Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.
  impact: |
    An attacker can craft a malicious URL that redirects users to a malicious website, leading to potential phishing attacks.
  remediation: |
    Apply the vendor-supplied patch or upgrade to a newer versio
```
No writeups or analysis indexed.
http://sunbeltblog.blogspot.com/2009/01/constant-stream-of-ultraseek-redirects.html
http://www.kb.cert.org/vuls/id/202753
http://www.securityfocus.com/bid/33500
http://www.ultraseek.com/forums/thread.jspa?messageID=9818
https://exchange.xforce.ibmcloud.com/vulnerabilities/48336
2009-01-29
Published