Lucene search

[email protected]CVE-2006-5819

HistoryNov 18, 2006 - 12:07 a.m.

CVE-2006-5819

2006-11-1800:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

verity ultraseek

cve-2006-5819

remote attackers

proxy

web attacks

host scanning

vulnerability

6.8 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.133 Low

EPSS

Percentile

95.5%

JSON

Verity Ultraseek before 5.7 allows remote attackers to use the server as a proxy for web attacks and host scanning via a direct request to the highlight/index.html script.

CPENameOperatorVersion
verity:ultraseekverity ultraseekeq5.2.1
verity:ultraseekverity ultraseekeq5.6.1
verity:ultraseekverity ultraseekeq5.5.0
verity:ultraseekverity ultraseekeq5.6.0
verity:ultraseekverity ultraseekle5.6.2

CPE	Name	Operator	Version
verity:ultraseek	verity ultraseek	eq	5.2.1
verity:ultraseek	verity ultraseek	eq	5.6.1
verity:ultraseek	verity ultraseek	eq	5.5.0
verity:ultraseek	verity ultraseek	eq	5.6.0
verity:ultraseek	verity ultraseek	le	5.6.2

References

securitytracker.com/id?1017235

www.kb.cert.org/vuls/id/559616

www.osvdb.org/22892

www.osvdb.org/30286

www.securityfocus.com/archive/1/451847/100/0/threaded

www.securityfocus.com/bid/21120

www.ultraseek.com/support/docs/RELNOTES.txt

www.zerodayinitiative.com/advisories/ZDI-06-042.html

exchange.xforce.ibmcloud.com/vulnerabilities/30311

6.8 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.133 Low

EPSS

Percentile

95.5%

JSON

Related for CVE-2006-5819

securityvulns1 nessus1 zdi1 cert1