BlackBerry Enterprise Server Administration API Unspecified Remote Vulnerability (KB27258)

This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application that is affected by a
vulnerability that can result in information disclosure and partial
denial of service.

Description :

The version of BlackBerry Enterprise Server on the remote host
reportedly contains a vulnerability in its administrator API. By
exploiting this vulnerability, an attacker may be able to read files
stored on the BlackBerry Enterprise Server that contain only printable
characters, or exhaust the resources on the server, resulting in a
denial of service.

See also :

http://www.blackberry.com/btsc/KB27258

Solution :

Install the Interim Security Software Update for July 12th, 2011, or
upgrade to at least 5.0.1 MR4 for Novell GroupWise / 5.0.3 MR3 for IBM
Lotus Domino / 5.0.3 MR3 for Microsoft Exchange.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P)
CVSS Temporal Score : 4.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 55670

Bugtraq ID: 48655

CVE ID: CVE-2011-0287
