Details of VAR-200705-0289

ID

VAR-200705-0289

CVE

CVE-2007-2592

TITLE

Nokia Intellisync Mobile Suite Cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2007-003826

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files. (1) de/pda/dev_logon.asp To username Parameters (2) usrmgr/registerAccount.asp , de/create_account.asp Etc. Routes in unspecified files . Reports indicate that these issues reside only in the bundled package; Nokia Intellisync Mobile Suite may not be affected on its own. Successful attacks may allow an attacker to obtain sensitive information and carry out denial-of-service and cross-site scripting attacks. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. Join the FREE BETA test of the Network Software Inspector (NSI)! http://secunia.com/network_software_inspector/ The NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. ---------------------------------------------------------------------- TITLE: Nokia Intellisync Mobile Suite Multiple Vulnerabilities SECUNIA ADVISORY ID: SA25212 VERIFY ADVISORY: http://secunia.com/advisories/25212/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Exposure of system information, Exposure of sensitive information, DoS WHERE: >From remote SOFTWARE: Intellisync Mobile Suite http://secunia.com/product/3450/ DESCRIPTION: Johannes Greil has reported some vulnerabilities in Nokia's Intellisync Mobile Suite, which can be exploited by malicious people to gain knowledge of sensitive information, conduct cross-site scripting attacks, manipulate certain data, or cause a DoS (Denial of Service). 1) Missing authentication checks within certain ASP scripts (e.g. userList.asp, userStatusList.asp) can be exploited to modify or gain knowledge of certain user details, or to disable user accounts. 2) Certain input passed to de/pda/dev_logon.asp, usrmgr/registerAccount.asp, and de/create_account.asp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) An error within the bundled Apache Tomcat server can be exploited to disclose directory listings and script source codes. The vulnerabilities are reported in versions 6.4.31.2, 6.6.0.107, and 6.6.2.2 and is reported to partially affect Nokia Intellisync Wireless Email Express. Other versions may also be affected. SOLUTION: Upgrade to GMS 2. PROVIDED AND/OR DISCOVERED BY: Johannes Greil, SEC Consult ORIGINAL ADVISORY: http://www.sec-consult.com/289.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-2592 // JVNDB: JVNDB-2007-003826 // BID: 23889 // VULHUB: VHN-25954 // PACKETSTORM: 56572

AFFECTED PRODUCTS

vendor:	nokia	model:	intellisync mobile suite	scope:	eq	version:	6.4.31.2	Trust: 2.4
vendor:	nokia	model:	intellisync mobile suite	scope:	eq	version:	6.6.0.107	Trust: 2.4
vendor:	nokia	model:	intellisync mobile suite	scope:	eq	version:	6.6.2.2	Trust: 1.6
vendor:	nokia	model:	groupwise mobile server	scope:	-	version:	-	Trust: 1.4
vendor:	nokia	model:	intellisync wireless email express	scope:	-	version:	-	Trust: 1.4
vendor:	nokia	model:	groupwise mobile server	scope:	eq	version:	*	Trust: 1.0
vendor:	nokia	model:	intellisync wireless email express	scope:	eq	version:	*	Trust: 1.0
vendor:	nokia	model:	intellisync mobile suite	scope:	eq	version:	and 6.6.2.2	Trust: 0.8
vendor:	novell	model:	groupwise mobile server	scope:	eq	version:	1.0	Trust: 0.3
vendor:	novell	model:	groupwise mobile server hp1	scope:	ne	version:	1.0	Trust: 0.3

sources: BID: 23889 // JVNDB: JVNDB-2007-003826 // CNNVD: CNNVD-200705-224 // NVD: CVE-2007-2592

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-2592
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2007-2592
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200705-224
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-25954
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-2592
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-25954
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-25954 // JVNDB: JVNDB-2007-003826 // CNNVD: CNNVD-200705-224 // NVD: CVE-2007-2592

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-2592

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200705-224

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 56572 // CNNVD: CNNVD-200705-224

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-003826

PATCH

title:

Top page

url:

http://www.nokia.com/global/

Trust: 0.8

sources: JVNDB: JVNDB-2007-003826

EXTERNAL IDS

db:	NVD	id:	CVE-2007-2592	Trust: 2.8
db:	BID	id:	23889	Trust: 2.0
db:	SECUNIA	id:	25212	Trust: 1.8
db:	SECUNIA	id:	26199	Trust: 1.7
db:	SECTRACK	id:	1018454	Trust: 1.7
db:	VUPEN	id:	ADV-2007-2657	Trust: 1.7
db:	VUPEN	id:	ADV-2007-1727	Trust: 1.7
db:	SREASON	id:	2689	Trust: 1.7
db:	OSVDB	id:	34517	Trust: 1.1
db:	OSVDB	id:	34516	Trust: 1.1
db:	OSVDB	id:	34515	Trust: 1.1
db:	JVNDB	id:	JVNDB-2007-003826	Trust: 0.8
db:	XF	id:	34187	Trust: 0.6
db:	MISC	id:	HTTP://WWW.SEC-CONSULT.COM/289.HTML	Trust: 0.6
db:	BUGTRAQ	id:	20070509 SEC CONSULT SA-20070509-0 :: MULTIPLE VULNERABILITES IN NOKIA INTELLISYNC MOBILE SUITE & WIRELESS EMAIL EXPRESS	Trust: 0.6
db:	CNNVD	id:	CNNVD-200705-224	Trust: 0.6
db:	VULHUB	id:	VHN-25954	Trust: 0.1
db:	PACKETSTORM	id:	56572	Trust: 0.1

sources: VULHUB: VHN-25954 // BID: 23889 // JVNDB: JVNDB-2007-003826 // PACKETSTORM: 56572 // CNNVD: CNNVD-200705-224 // NVD: CVE-2007-2592

REFERENCES

url:	http://support.novell.com/docs/readmes/infodocument/patchbuilder/readme_5005120.html	Trust: 2.0
url:	http://www.sec-consult.com/289.html	Trust: 1.8
url:	http://www.securityfocus.com/bid/23889	Trust: 1.7
url:	http://www.securitytracker.com/id?1018454	Trust: 1.7
url:	http://secunia.com/advisories/25212	Trust: 1.7
url:	http://secunia.com/advisories/26199	Trust: 1.7
url:	http://securityreason.com/securityalert/2689	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/468048/100/0/threaded	Trust: 1.1
url:	http://osvdb.org/34515	Trust: 1.1
url:	http://osvdb.org/34516	Trust: 1.1
url:	http://osvdb.org/34517	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2007/1727	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2007/2657	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/34187	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2592	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2592	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2007/1727	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/468048/100/0/threaded	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/34187	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2007/2657	Trust: 0.6
url:	http://www.novell.com/products/groupwise/mobileserver/	Trust: 0.3
url:	/archive/1/468048	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/network_software_inspector/	Trust: 0.1
url:	http://secunia.com/advisories/25212/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/3450/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-25954 // BID: 23889 // JVNDB: JVNDB-2007-003826 // PACKETSTORM: 56572 // CNNVD: CNNVD-200705-224 // NVD: CVE-2007-2592

CREDITS

Johannes Greil discovered these issues.

Trust: 0.9

sources: BID: 23889 // CNNVD: CNNVD-200705-224

SOURCES

db:	VULHUB	id:	VHN-25954
db:	BID	id:	23889
db:	JVNDB	id:	JVNDB-2007-003826
db:	PACKETSTORM	id:	56572
db:	CNNVD	id:	CNNVD-200705-224
db:	NVD	id:	CVE-2007-2592

LAST UPDATE DATE

2025-04-10T19:59:54.555000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-25954	date:	2018-10-16T00:00:00
db:	BID	id:	23889	date:	2007-07-26T23:05:00
db:	JVNDB	id:	JVNDB-2007-003826	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200705-224	date:	2007-05-11T00:00:00
db:	NVD	id:	CVE-2007-2592	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-25954	date:	2007-05-11T00:00:00
db:	BID	id:	23889	date:	2007-05-09T00:00:00
db:	JVNDB	id:	JVNDB-2007-003826	date:	2012-09-25T00:00:00
db:	PACKETSTORM	id:	56572	date:	2007-05-10T00:32:46
db:	CNNVD	id:	CNNVD-200705-224	date:	2007-05-11T00:00:00
db:	NVD	id:	CVE-2007-2592	date:	2007-05-11T04:20:00