Vulners
Lucene search
Inktomi Search Software 3.0 Information Disclosure Vulnerability
source: http://www.securityfocus.com/bid/2062/info
A vulnerability exists in version 3.0 of Ultrseek server (aka Inktomi Search).
Due to a failure to properly validate user-supplied input, URLs submitted by a remote user of the form:
http://target:8765/example/
will, if the file 'example' does not exist, return an error message which discloses sensitive path and server configuration information.
As a result, it is possible for an attacker to obtain information about the server's configuration and directory structure, which could be used to support further attacks.
This may be the result of a weak default configuration. Ultraseek Server returns detailed error information when requests are recieved from an administrative IP address. By default, administrative status is given to all addresses.
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1