Lucene search

[email protected]NVD:CVE-2005-1671

HistoryMay 19, 2005 - 4:00 a.m.

CVE-2005-1671

2005-05-1904:00:00

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.8

Confidence

Low

EPSS

Percentile

5.1%

JSON

The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activated by a YMSGR: URL and writes all output to a single ypager.log file, even when there are multiple users, and does not properly warn later users that the feature has been enabled, which allows local users to obtain sensitive information from other users.

Affected configurations

Nvd

Node

yahoomessengerMatch5.5

yahoomessengerMatch5.6

yahoomessengerMatch5.6.0.1351

yahoomessengerMatch6.0

VendorProductVersionCPE
yahoomessenger5.5cpe:2.3:a:yahoo:messenger:5.5:*:*:*:*:*:*:*
yahoomessenger5.6cpe:2.3:a:yahoo:messenger:5.6:*:*:*:*:*:*:*
yahoomessenger5.6.0.1351cpe:2.3:a:yahoo:messenger:5.6.0.1351:*:*:*:*:*:*:*
yahoomessenger6.0cpe:2.3:a:yahoo:messenger:6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yahoo	messenger	5.5	cpe:2.3:a:yahoo:messenger:5.5:::::::*
yahoo	messenger	5.6	cpe:2.3:a:yahoo:messenger:5.6:::::::*
yahoo	messenger	5.6.0.1351	cpe:2.3:a:yahoo:messenger:5.6.0.1351:::::::*
yahoo	messenger	6.0	cpe:2.3:a:yahoo:messenger:6.0:::::::*

References

marc.info/?l=bugtraq&m=111643475210982&w=2

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.8

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2005-1671

cvelist1 cve1