Vulnerability Name: | CVE-2009-0347 (CCN-48336) | ||||||||
Assigned: | 2008-04-10 | ||||||||
Published: | 2008-04-10 | ||||||||
Updated: | 2017-08-08 | ||||||||
Summary: | Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter. | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
CVSS v2 Severity: | 5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-59 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2009-0347 Source: CCN Type: Sunbelt Blog, Sunday, January 11, 2009 The constant stream of Ultraseek redirects to malware Source: MISC Type: UNKNOWN http://sunbeltblog.blogspot.com/2009/01/constant-stream-of-ultraseek-redirects.html Source: CCN Type: US-CERT VU#202753 Autonomy Ultraseek URL redirection vulnerability Source: CERT-VN Type: US Government Resource VU#202753 Source: CCN Type: OSVDB ID: 52927 Autonomy Ultraseek cs.html url Parameter Arbitrary Site Redirect Source: BID Type: UNKNOWN 33500 Source: CCN Type: BID-33500 Autonomy Ultraseek 'cs.html' URI Redirection Vulnerability Source: CCN Type: Ultraseek Web site Ultraseek Articles: Quick Links in Action Source: CCN Type: Ultraseek Support Forums, Apr 9, 2008 7:37 AM Redirection vulnerability ? Source: MISC Type: UNKNOWN http://www.ultraseek.com/forums/thread.jspa?messageID=9818 Source: XF Type: UNKNOWN ultraseek-cs-phishing(48336) Source: XF Type: UNKNOWN ultraseek-cs-phishing(48336) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |