漏洞信息详情
Verity Ultraseek错误信息路径公开漏洞
- CNNVD编号:CNNVD-200406-045
- 危害等级: 中危
- CVE编号:
CVE-2004-0050
- 漏洞类型:
输入验证
- 发布时间:
2004-06-14
- 威胁类型:
远程
- 更新时间:
2005-10-20
- 厂 商:
verity - 漏洞来源:
Discovery is credi… -
漏洞简介
Verity Ultraseek 5.2.2之前的版本存在漏洞。远程攻击者借助web搜寻选项的MS-DOS设备名获得文档根的完全路径名,设备名称如(1)NUL,(2)CON,(3)AUX,(4)COM1,(5) COM2以及其他的。
漏洞公告
Verity has released Ultraseek 5.2.2 to address this issue. Please contact the vendor to obtain a fixed version.
参考网址
来源: XF
名称: ultraseek-error-path-disclosure(16066)
链接:http://xforce.iss.net/xforce/xfdb/16066
来源: BUGTRAQ
名称: 20040505 Corsaire Security Advisory – Verity Ultraseek path disclosure issue
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108377388114888&w=2
来源: FULLDISC
名称: 20040505 Corsaire Security Advisory – Verity Ultraseek path disclosure issue
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020952.html
来源: VULNWATCH
名称: 20040505 Corsaire Security Advisory – Verity Ultraseek path disclosure issue
链接:http://archives.neohapsis.com/archives/vulnwatch/2004-q2/0024.html