nuclei-templates/http/cves/2009/CVE-2009-0347.yaml

id: CVE-2009-0347

info:
  name: Autonomy Ultraseek - Open Redirect
  author: ctflearner
  severity: medium
  description: |
    Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.
  remediation: |
    Apply the vendor-supplied patch or upgrade to a newer version of Autonomy Ultraseek that addresses the open redirect vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2009-0347
    - https://www.exploit-db.com/exploits/32766
    - https://www.kb.cert.org/vuls/id/202753
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/48336
    - http://sunbeltblog.blogspot.com/2009/01/constant-stream-of-ultraseek-redirects.html
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:P
    cvss-score: 5.8
    cve-id: CVE-2009-0347
    cwe-id: CWE-59
    epss-score: 0.09851
    epss-percentile: 0.94077
    cpe: cpe:2.3:a:autonomy:ultraseek:_nil_:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: autonomy
    product: ultraseek
  tags: cve,cve2009,redirect,autonomy

http:
  - method: GET
    path:
      - "{{BaseURL}}/cs.html?url=http://www.interact.sh"

    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:http?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
Create CVE-2009-0347.yaml 2023-06-14 15:57:46 +00:00			`id: CVE-2009-0347`

			`info:`
Update CVE-2009-0347.yaml 2023-06-15 16:57:20 +00:00			`name: Autonomy Ultraseek - Open Redirect`
Create CVE-2009-0347.yaml 2023-06-14 15:57:46 +00:00			`author: ctflearner`
			`severity: medium`
			`description: \|`
			`Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.`
updated other CVEs 2023-09-06 13:22:34 +00:00			`remediation: \|`
			`Apply the vendor-supplied patch or upgrade to a newer version of Autonomy Ultraseek that addresses the open redirect vulnerability.`
Create CVE-2009-0347.yaml 2023-06-14 15:57:46 +00:00			`reference:`
lint fix 2023-06-14 16:17:34 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2009-0347`
			`- https://www.exploit-db.com/exploits/32766`
			`- https://www.kb.cert.org/vuls/id/202753`
			`- https://exchange.xforce.ibmcloud.com/vulnerabilities/48336`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`- http://sunbeltblog.blogspot.com/2009/01/constant-stream-of-ultraseek-redirects.html`
Create CVE-2009-0347.yaml 2023-06-14 15:57:46 +00:00			`classification:`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:P`
Create CVE-2009-0347.yaml 2023-06-14 15:57:46 +00:00			`cvss-score: 5.8`
			`cve-id: CVE-2009-0347`
			`cwe-id: CWE-59`
Added EPSS Percentile 2023-08-31 11:46:18 +00:00			`epss-score: 0.09851`
			`epss-percentile: 0.94077`
updated other CVEs 2023-09-06 13:22:34 +00:00			`cpe: cpe:2.3:a:autonomy:ultraseek:_nil_:::::::*`
TemplateMan Update [Wed Jun 21 21:03:53 UTC 2023] :robot: 2023-06-21 21:03:53 +00:00			`metadata:`
			`max-request: 1`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`vendor: autonomy`
			`product: ultraseek`
Update CVE-2009-0347.yaml 2023-06-15 16:57:20 +00:00			`tags: cve,cve2009,redirect,autonomy`
Create CVE-2009-0347.yaml 2023-06-14 15:57:46 +00:00
			`http:`
			`- method: GET`
			`path:`
Update CVE-2009-0347.yaml 2023-06-15 16:57:20 +00:00			`- "{{BaseURL}}/cs.html?url=http://www.interact.sh"`
Create CVE-2009-0347.yaml 2023-06-14 15:57:46 +00:00
			`matchers:`
			`- type: regex`
			`part: header`
			`regex:`
Update CVE-2009-0347.yaml 2023-06-15 16:57:20 +00:00			`- '(?m)^(?:Location\s?:\s?)(?:http?://\|//)(?:[a-zA-Z0-9\-_\.@])interact\.sh.$'`