First published: Thu May 06 2004(Updated: )
Verity Ultraseek before 5.2.2 allows remote attackers to obtain the full pathname of the document root via an MS-DOS device name in the web search option, such as (1) NUL, (2) CON, (3) AUX, (4) COM1, (5) COM2, and others.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Verity Ultraseek | <=5.2.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.