Vulnerability 10897 - CERT Civis.Net

Vulnerability Name:

CCN-10897

Published:

2002-11-06

Updated:

2002-11-06

Summary:

Yahoo! Messenger could allow a remote attacker to determine the online status of a user that is in "invisible" mode. If a remote attacker sends a request to view a user's shared files, the attacker would cause the user's online status to be displayed with the response.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Consequences:

Other

References:

Source: CCN
Type: BugTraq Mailing List, Wed Nov 06 2002 - 09:31:52 CST
Yahoo Messenger: Invisible User Detect

Source: CCN
Type: BID-6121
Yahoo! Messenger Invisible User Detection Weakness

Source: XF
Type: UNKNOWN
yahoo-invisible-user-detection(10897)

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:yahoo:messenger:5.0.1046:*:*:*:*:*:*:*

OR cpe:/a:yahoo:messenger:5.0.1232:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK