Detections
Analytics
BlackBerry Enterprise Server Administration API Unspecified Remote Vulnerability (KB27258)
medium Nessus Plugin ID 55670
Language:
Synopsis
The remote Windows host has an application that is affected by a vulnerability that can result in information disclosure and partial denial of service.Description
The version of BlackBerry Enterprise Server on the remote host reportedly contains a vulnerability in its administrator API. By exploiting this vulnerability, an attacker may be able to read files stored on the BlackBerry Enterprise Server that contain only printable characters or exhaust the resources on the server resulting in denial of service.Solution
Install the Interim Security Software Update for July 12th 2011, or upgrade to at least 5.0.1 MR4 for Novell GroupWise / 5.0.3 MR3 for IBM Lotus Domino / 5.0.3 MR3 for Microsoft Exchange.See Also
https://salesforce.services.blackberry.com/kbredirect/KB27258
Plugin Details
Severity: Medium
ID: 55670
File Name: blackberry_es_api_kb27258.nasl
Version: 1.8
Type: local
Agent: windows
Family: Windows
Published: 7/25/2011
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.7
CVSS v2
Risk Factor: Medium
Base Score: 6.4
Temporal Score: 4.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P
Vulnerability Information
CPE: cpe:/a:rim:blackberry_enterprise_server
Required KB Items: SMB/Registry/Enumerated
Exploit Ease: No known exploits are available
Patch Publication Date: 7/12/2011
Vulnerability Publication Date: 7/12/2011
Reference Information
CVE: CVE-2011-0287
BID: 48655
Secunia: 45242