CVE-2006-5970 Information

Description

Verity Ultraseek before 5.7 allows remote attackers to obtain sensitive information via direct requests with (1) a null (\00) terminated url parameter to help/urlstatusgo.html; or missing parameters to (2) help/header.html (3) help/footer.html (4) spell.html (5) coreforma.html (6) daterange.html (7) hits.html (8) hitsnavbottom.html (9) indexform.html (10) indexforma.html (11) languages.html (12) nohits.html (13) onehit1.html (14) onehit2.html (15) query.html (16) queryform0.html (17) queryform0a.html (18) queryform1.html (19) queryform1a.html (20) queryform2.html (21) queryform2a.html (22) quicklinks.html (23) relatedtopics.html (24) signin.html (25) subtopics.html (26) thesaurus.html (27) topics.html (28) hitspagebar.html (29) highlight/highlight.html (30) highlight/highlight_one.html and (31) highlight/topnav.html which leaks the installation path in the resulting error message.

Reference

http://secunia.com/advisories/22892 http://securitytracker.com/id?1017235 http://www.osvdb.org/30287 http://www.osvdb.org/30288 http://www.securityfocus.com/archive/1/451847/100/0/threaded http://www.ultraseek.com/support/docs/RELNOTES.txt http://www.zerodayinitiative.com/advisories/ZDI-06-042.html https://exchange.xforce.ibmcloud.com/vulnerabilities/30314 Verity Ultraseek before 5.7 allows remote attackers to obtain sensitive information via direct requests with (1) a null (\00) terminated url parameter to help/urlstatusgo.html; or missing parameters to (2) help/header.html (3) help/footer.html (4) spell.html (5) coreforma.html (6) daterange.html (7) hits.html (8) hitsnavbottom.html (9) indexform.html (10) indexforma.html (11) languages.html (12) nohits.html (13) onehit1.html (14) onehit2.html (15) query.html (16) queryform0.html (17) queryform0a.html (18) queryform1.html (19) queryform1a.html (20) queryform2.html (21) queryform2a.html (22) quicklinks.html (23) relatedtopics.html (24) signin.html (25) subtopics.html (26) thesaurus.html (27) topics.html (28) hitspagebar.html (29) highlight/highlight.html (30) highlight/highlight_one.html and (31) highlight/topnav.html which leaks the installation path in the resulting error message.