Lucene search

[email protected]CVE-2005-1671

HistoryMay 19, 2005 - 4:00 a.m.

CVE-2005-1671

2005-05-1904:00:00

[email protected]

web.nvd.nist.gov

yahoo! messenger

logfile

security vulnerability

sensitive information disclosure

nvd

cve-2005-1671

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activated by a YMSGR: URL and writes all output to a single ypager.log file, even when there are multiple users, and does not properly warn later users that the feature has been enabled, which allows local users to obtain sensitive information from other users.

Affected configurations

NVD

Node

yahoomessengerMatch5.5

yahoomessengerMatch5.6

yahoomessengerMatch5.6.0.1351

yahoomessengerMatch6.0

CPENameOperatorVersion
yahoo:messengeryahoo messengereq5.5
yahoo:messengeryahoo messengereq5.6
yahoo:messengeryahoo messengereq5.6.0.1351
yahoo:messengeryahoo messengereq6.0

CPE	Name	Operator	Version
yahoo:messenger	yahoo messenger	eq	5.5
yahoo:messenger	yahoo messenger	eq	5.6
yahoo:messenger	yahoo messenger	eq	5.6.0.1351
yahoo:messenger	yahoo messenger	eq	6.0

References

marc.info/?l=bugtraq&m=111643475210982&w=2

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2005-1671

nvd1 cvelist1