NASLDB: BlackBerry Enterprise Server Web Desktop Manager XSS (KB26296)
General
ID: 53829
Name: BlackBerry Enterprise Server Web Desktop Manager XSS (KB26296)
Summary: Checks version and looks for workaround.
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS Temporal Vector: CVSS2#E:F/RL:OF/RC:C
Port: 139
Family: Windows
Type: Local
Description
The version of BlackBerry Enterprise Server on the remote host
reportedly contains a cross-site scripting vulnerability in its Web
Desktop Manager component. An attacker may be able to leverage this
issue to execute arbitrary script code in the browser of an
authenticated user in the context of the affected site and to steal
cookie-based authentication credentials.
Exploiting
Exploit Available: True
Exploitability Ease: Exploits are available
Sources
CVE: CVE-2011-0286
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2011/04/12
Patch Release: 2011/04/12
Plugin Release: 2011/05/06
Plugin
Version: 1.4
Filename: blackberry_es_xss_kb26296.nasl
Filesize: 7559 bytes
MD5 Hash: 302a2e1dda984279068af101cc0549d2
Identification: –
Require Keys: SMB/Registry/Enumerated
Dependencies: "blackberry_es_installed.nasl"
Copyright: This script is Copyright© 2011 Tenable Network Security, Inc.













