CVE-2005-1671

Published May 19, 2005

Last updated 8 years ago

Overview

Description: The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activated by a YMSGR: URL and writes all output to a single ypager.log file, even when there are multiple users, and does not properly warn later users that the feature has been enabled, which allows local users to obtain sensitive information from other users.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:yahoo:messenger:5.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "349A209F-6609-4809-B228-E84623FA268D"
          },
          {
            "criteria": "cpe:2.3:a:yahoo:messenger:5.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92465439-530F-435E-976F-491AD3C56944"
          },
          {
            "criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1351:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38232D5E-568C-4CFA-BA01-C35939D68AB2"
          },
          {
            "criteria": "cpe:2.3:a:yahoo:messenger:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8EE7278-FFAD-489B-BDCC-BF6BA8D5DF0C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References