Overview
The Yahoo! Mobile service contains an information exposure vulnerability.
Description
The Yahoo! Mobile Service enables users of handheld devices to take advantage of the same kinds of services Yahoo! Inc. offers to traditional desktop computing users (e.g. web browsing, email, etc.). A vulnerability in the Yahoo! Mobile service allows an attacker to view random queries from legitimate Yahoo! Mobile users. As a result, an attacker may be able to view privileged data, including any credentials that the victim had stored in recently viewed email messages. |
Impact
An attacker can cause Yahoo! Mobile servers to return random web pages. Note that the attacker does not have any control over which pages are returned. |
Solution
Yahoo! Inc. has fixed this vulnerability. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
The CERT/CC thanks Bob Whittle for reporting this vulnerability. We also thank Yahoo! Inc. for their rapid response to this issue.
This document was written by Ian A Finlay.
Other Information
| CVE IDs: | None |
| Severity Metric: | 1.39 |
| Date Public: | 2003-02-17 |
| Date First Published: | 2003-02-17 |
| Date Last Updated: | 2003-02-21 14:17 UTC |
| Document Revision: | 13 |