{"vuid":"VU#202753","idnumber":"202753","name":"Autonomy Ultraseek URL redirection vulnerability","keywords":["autonomy","ultraseek","verity","inktomi","spam","redirect"],"overview":"The Autonomy Ultraseek search engine contains a URL redirection vulnerability that may allow an attacker to redirect website users to other sites.","clean_desc":"The Autonomy Ultraseek search engine contains a URL redirection vulnerability in the /cs.html?url= parameter. The destination URL can be obfuscated in the redirect by using URL encoding techniques. To exploit this issue, an attacker would need to get a user to click on a link or browse to a website.","impact":"An attacker may be able to redirect a user to any website.","resolution":"Ultraseek administrators should contact Ultraseek support for information on how to obtain updated software that addresses this issue.","workarounds":"Using firewalls, reverse proxy servers, or web application firewalls to block URLs that contain the string /cs.html?url= may prevent some attackers from exploiting this vulnerability. This workaround can be evaded by URL obfuscation/encoding and will not be completely effective if the web server uses SSL.","sysaffected":"","thanks":"","author":"This document was written by Ryan Giobbi.","public":["http://www.ultraseek.com/forums/thread.jspa?messageID=9818","http://www.ultraseek.com/articles/archives/2006/01/quick_links_in.html","http://www.owasp.org/index.php/Open_redirect","http://sunbeltblog.blogspot.com/2009/01/constant-stream-of-ultraseek-redirects.html"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2009-01-08T13:52:18Z","publicdate":"2009-01-11T00:00:00Z","datefirstpublished":"2009-01-28T21:07:57Z","dateupdated":"2009-01-28T21:19:11Z","revision":19,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"1","cam_widelyknown":"15","cam_exploitation":"10","cam_internetinfrastructure":"1","cam_population":"7","cam_impact":"1","cam_easeofexploitation":"19","cam_attackeraccessrequired":"20","cam_scorecurrent":"1.29675","cam_scorecurrentwidelyknown":"1.546125","cam_scorecurrentwidelyknownexploited":"2.044875","ipprotocol":"","cvss_accessvector":"--","cvss_accesscomplexity":"--","cvss_authentication":null,"cvss_confidentialityimpact":"--","cvss_integrityimpact":"--","cvss_availabilityimpact":"--","cvss_exploitablity":null,"cvss_remediationlevel":"ND","cvss_reportconfidence":"ND","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"0","cvss_basevector":"AV:--/AC:--/Au:--/C:--/I:--/A:--","cvss_temporalscore":"0","cvss_environmentalscore":"0","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":1.29675,"vulnote":null}