Verity Ultraseek错误信息路径公开漏洞

漏洞信息详情

Verity Ultraseek错误信息路径公开漏洞

漏洞简介

Verity Ultraseek 5.2.2之前的版本存在漏洞。远程攻击者借助web搜寻选项的MS-DOS设备名获得文档根的完全路径名,设备名称如(1)NUL,(2)CON,(3)AUX,(4)COM1,(5) COM2以及其他的。

漏洞公告

Verity has released Ultraseek 5.2.2 to address this issue. Please contact the vendor to obtain a fixed version.

参考网址

来源: XF
名称: ultraseek-error-path-disclosure(16066)
链接:http://xforce.iss.net/xforce/xfdb/16066

来源: BUGTRAQ
名称: 20040505 Corsaire Security Advisory – Verity Ultraseek path disclosure issue
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108377388114888&w=2

来源: FULLDISC
名称: 20040505 Corsaire Security Advisory – Verity Ultraseek path disclosure issue
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020952.html

来源: VULNWATCH
名称: 20040505 Corsaire Security Advisory – Verity Ultraseek path disclosure issue
链接:http://archives.neohapsis.com/archives/vulnwatch/2004-q2/0024.html

受影响实体

© 版权声明
THE END
喜欢就支持一下吧
点赞0 分享