CVE-2006-5970

Name of the Vulnerable Software and Affected Versions Verity Ultraseek versions prior to 5.7

Description The issue allows remote attackers to obtain sensitive information via direct requests to various pages, including help/urlstatusgo.html with a null terminated url parameter, or missing parameters to multiple other pages. These requests can leak the installation path in the resulting error message. The affected pages include help/header.html, help/footer.html, spell.html, coreforma.html, daterange.html, hits.html, hitsnavbottom.html, indexform.html, indexforma.html, languages.html, nohits.html, onehit1.html, onehit2.html, query.html, queryform0.html, queryform0a.html, queryform1.html, queryform1a.html, queryform2.html, queryform2a.html, quicklinks.html, relatedtopics.html, signin.html, subtopics.html, thesaurus.html, topics.html, hitspagebar.html, highlight/highlight.html, highlight/highlight one.html, and highlight/topnav.html.

Recommendations For versions prior to 5.7, update to version 5.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected pages until a patch is available. Avoid making direct requests to these pages with missing or null terminated parameters to minimize the risk of exploitation.