{"vuid":"VU#559616","idnumber":"559616","name":"Autonomy Ultraseek default configuration does not adequately restrict in-document highlighting","keywords":["Verity","Ultraseek","information disclosure","highlight/index.html","xss"],"overview":"A vulnerability exists in the Ultraseek /highlight/index.html script. Successful exploitation of this vulnerability may allow an attacker to enumerate and access content from non-public servers or execute cross-site scripting attacks.","clean_desc":"Ultraseek is a search engine used on private and public websites. Ultraseek includes the /highlight/index.html script which highlights strings in search results. An attacker may be able to exploit this vulnerability by sending specially-crafted URLs to the vulnerable script. Note that Ultraseek was previously produced by Verity, which is now owned by Autonomy.","impact":"A remote, unauthenticated attacker could provide arbitrary content to a web site, effectively performing cross-site scripting attacks. An attacker could also access content from or enumerate non-public hosts and services.","resolution":"Configure in-document highlighting filter\nFrom the Ultraseek Administrator Guide: In-document highlighting filter Specifies which URLs can be highlighted. By default, documents from all URLs can be highlighted. Ultraseek examines the list of URL patterns in the order they are specified. The first matched URL pattern determines whether in-documenting highlighting is allowed for documents originating from the specified URL. If there is no match, Ultraseek disallows highlighting on documents from the URL. Changing this setting to restrict highlighting to specific domains will limit the scope of this vulnerability. To change this setting: Log into the server as the admin user. Click on the parameters tab. Click on the advanced tab. In the In-document highlighting filter text box, enter the domains that should be allowed to access the highlighting features. Note that the default setting for new installations of Ultraseek 5.7 will set the in-document filter to only allow the highlighting features for the server's domain name. This change is documented as bugfix 1443 in the Ultraseek 5.7 release notes: [1443] The default filters for document highlighting are now more restrictive, automatically limited to either the current domain, or the collection URL filters.","workarounds":"Restrict access to non-public services Using access control","sysaffected":"","thanks":"This vulnerability was disclosed by TippingPoint.","author":"This document was written by Jason McCormick and Ryan Giobbi.","public":["http://secunia.com/advisories/22892/","http://www.ultraseek.com/support/docs/RELNOTES.txt","http://www.zerodayinitiative.com/advisories/ZDI-06-042.html"],"cveids":["CVE-2006-5819"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2020-05-21T16:13:29.448064Z","publicdate":"2006-11-15T00:00:00Z","datefirstpublished":"2006-12-01T19:19:37Z","dateupdated":"2006-12-06T19:47:09Z","revision":58,"vrda_d1_directreport":null,"vrda_d1_population":null,"vrda_d1_impact":null,"cam_widelyknown":null,"cam_exploitation":null,"cam_internetinfrastructure":null,"cam_population":null,"cam_impact":null,"cam_easeofexploitation":null,"cam_attackeraccessrequired":null,"cam_scorecurrent":null,"cam_scorecurrentwidelyknown":null,"cam_scorecurrentwidelyknownexploited":null,"ipprotocol":null,"cvss_accessvector":null,"cvss_accesscomplexity":null,"cvss_authentication":null,"cvss_confidentialityimpact":null,"cvss_integrityimpact":null,"cvss_availabilityimpact":null,"cvss_exploitablity":null,"cvss_remediationlevel":null,"cvss_reportconfidence":null,"cvss_collateraldamagepotential":null,"cvss_targetdistribution":null,"cvss_securityrequirementscr":null,"cvss_securityrequirementsir":null,"cvss_securityrequirementsar":null,"cvss_basescore":"N/A","cvss_basevector":"N/A","cvss_temporalscore":"N/A","cvss_environmentalscore":"N/A","cvss_environmentalvector":"N/A","metric":6.05625,"vulnote":null}