Inktomi Search Software 3.0 – Information Disclosure

Inktomi Search Software 3.0 – Information Disclosure

漏洞ID 1053497 漏洞类型
发布时间 2000-12-05 更新时间 2000-12-05
图片[1]-Inktomi Search Software 3.0 – Information Disclosure-安全小百科CVE编号 N/A
图片[2]-Inktomi Search Software 3.0 – Information Disclosure-安全小百科CNNVD-ID N/A
漏洞平台 Multiple CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/20468
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/2062/info

A vulnerability exists in version 3.0 of Ultrseek server (aka Inktomi Search).

Due to a failure to properly validate user-supplied input, URLs submitted by a remote user of the form:

http://target:8765/example/

will, if the file 'example' does not exist, return an error message which discloses sensitive path and server configuration information.

As a result, it is possible for an attacker to obtain information about the server's configuration and directory structure, which could be used to support further attacks.

This may be the result of a weak default configuration. Ultraseek Server returns detailed error information when requests are recieved from an administrative IP address. By default, administrative status is given to all addresses.

相关推荐: RedHat Linux printfilter Vulnerability

RedHat Linux printfilter Vulnerability 漏洞ID 1104941 漏洞类型 Origin Validation Error 发布时间 1998-09-13 更新时间 1998-09-13 CVE编号 N/A CNNVD-I…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享