Inktomi Search Physical Path Disclosure Network Vulnerability

Summary

This web server is running a vulnerable version of Inktomi Search Certain requests using MS-DOS special file names such as nul can cause a python error. The error message contains sensitive information such as the physical path of the webroot. This information may be useful to an attacker.

Solution

Upgrade to the latest version. This product is now developed i by Verity and is called Ultraseek

References

http://www.corsaire.com/advisories/c040113-001.txt

Updated on 2015-03-25

Severity

Classification

CVE CVE-2004-0050

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

@Mail 'admin.php' Cross-Site Scripting Vulnerabilities
AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
Apache Subversion Module Metadata Accessible
AMSI 'file' Parameter Directory Traversal Vulnerability

Take action and discover your vulnerabilities