• IDP Daily Update #1254
  posted: 09/05/08
  
• NSM Daily Update #1254
  posted: 09/05/08
  
• Deep Inspection 5.3r5 and above, 5.4, 6.0 #1254
  posted: 09/05/08
  
• Deep Inspection 5.1, 5.2, 5.3r4 and below #1252
  posted: 09/05/08
  
• Deep Inspection 5.0 #1132
  posted: 04/01/08
  
• Antivirus
  posted: 09/05/08

Text Size:        

• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Inktomi Search Information Disclosure Vulnerability

Severity: MODERATE

Description:

A vulnerability has been discovered in Inktomi search engine, which may provide for the disclosure of sensitive information to remote attackers.

It has been reported that a remote attacker may cause the Inktomi search engine to disclose information by making a malformed HTTP request, passing malicious URI parameters to the query.html page. The resulting error message from this request will likely contain installation path details and other potentially sensitive information.

The remote attacker may use the disclosed information to aid in further "intelligent" attacks against the host running the affected software.

It should be noted that this issue is most likely due to debugging functionality.

This issue was reported to affect Inktomi search 5.0, however, other versions may also be affected.

Affected Products:

• Inktomi Search 5.0.0

References:

• Inktomi: Inktomi Homepage