Vulnerability Description
Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who are physically observing ("shoulder surfing") another user to read the information from the status bar when the user moves the mouse over a link.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Explorer | 5.0 |
References
- http://ntbugtraq.ntadvice.com/default.asp?pid=36&sid=1&A2=ind9904&L=NTBUGTRAQ&P=
- http://packetderm.cotse.com/mailing-lists/ntbugtraq/1999/0364.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/3289
- http://ntbugtraq.ntadvice.com/default.asp?pid=36&sid=1&A2=ind9904&L=NTBUGTRAQ&P=
- http://packetderm.cotse.com/mailing-lists/ntbugtraq/1999/0364.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/3289
FAQ
What is CVE-1999-1235?
CVE-1999-1235 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who a...
How severe is CVE-1999-1235?
CVE-1999-1235 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-1999-1235?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Explorer.