CVE-2009-0347

Published: Jan 29, 2009Modified: Apr 23, 2026

5.8

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:P

Exploitability: 8.6 / Impact: 4.9

Source: NVD

Description

Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.

Affected (1)

Products: Autonomy: Ultraseek

Autonomy

1 product

Ultraseek

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Autonomy Ultraseek	Version _nil_

Related CWEs

CWE-59

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (10)

http://sunbeltblog.blogspot.com/2009/01/constant-stream-of-ultraseek-redirects.html

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/202753

Source: cve@mitre.org

US Government Resource

http://www.securityfocus.com/bid/33500

Source: cve@mitre.org

http://www.ultraseek.com/forums/thread.jspa?messageID=9818

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/48336

Source: cve@mitre.org

http://sunbeltblog.blogspot.com/2009/01/constant-stream-of-ultraseek-redirects.html