cvelistv5 - CVE-2010-2599

CVE-2010-2599 (GCVE-0-2010-2599)

Vulnerability from cvelistv5 – Published: 2011-01-12 23:00 – Updated: 2024-08-07 02:39

Summary

Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.blackberry.com/btsc/KB24841	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1024952	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/45754	vdb-entryx_refsource_BID
	http://blog.tehtri-security.com/2011/01/blackhat-…	x_refsource_MISC
	http://osvdb.org/70404	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/archive/1/515860/100…	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2011/0082	vdb-entryx_refsource_VUPEN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:39:37.777Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.blackberry.com/btsc/KB24841"
          },
          {
            "name": "1024952",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024952"
          },
          {
            "name": "45754",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45754"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html"
          },
          {
            "name": "70404",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/70404"
          },
          {
            "name": "20110121 [TEHTRI-Security] CVE-2010-2599: Update your BlackBerry",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/515860/100/0/threaded"
          },
          {
            "name": "ADV-2011-0082",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0082"
          },
          {
            "name": "blackberry-desktop-dos(64622)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64622"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-01-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.blackberry.com/btsc/KB24841"
        },
        {
          "name": "1024952",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024952"
        },
        {
          "name": "45754",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45754"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html"
        },
        {
          "name": "70404",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/70404"
        },
        {
          "name": "20110121 [TEHTRI-Security] CVE-2010-2599: Update your BlackBerry",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/515860/100/0/threaded"
        },
        {
          "name": "ADV-2011-0082",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0082"
        },
        {
          "name": "blackberry-desktop-dos(64622)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64622"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2599",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.blackberry.com/btsc/KB24841",
              "refsource": "CONFIRM",
              "url": "http://www.blackberry.com/btsc/KB24841"
            },
            {
              "name": "1024952",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024952"
            },
            {
              "name": "45754",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/45754"
            },
            {
              "name": "http://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html",
              "refsource": "MISC",
              "url": "http://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html"
            },
            {
              "name": "70404",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/70404"
            },
            {
              "name": "20110121 [TEHTRI-Security] CVE-2010-2599: Update your BlackBerry",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/515860/100/0/threaded"
            },
            {
              "name": "ADV-2011-0082",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0082"
            },
            {
              "name": "blackberry-desktop-dos(64622)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64622"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2599",
    "datePublished": "2011-01-12T23:00:00",
    "dateReserved": "2010-07-01T00:00:00",
    "dateUpdated": "2024-08-07T02:39:37.777Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rim:blackberry_software:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.0.0.1039\", \"matchCriteriaId\": \"8A593B7F-1918-4778-83D7-0EE80CAC5CE5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rim:blackberry_software:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BDB5549-2A78-4A92-8C4E-DE1A4658E52D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rim:blackberry_software:4.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7872A198-F359-4D7C-9AB7-4A7B769E955F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rim:blackberry_software:4.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3052C44-F2A4-4871-BF1E-729A6ADF6ADE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rim:blackberry_software:4.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC128583-356C-461C-B612-8927BCBA1195\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rim:blackberry_software:4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7EF7EA30-4605-42DF-A483-70B61F224898\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rim:blackberry_software:4.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F14F928-4191-4689-81CB-B7C1C9A785D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rim:blackberry_software:5.0.0.593:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46A10F07-C3D0-4001-A7D6-5C8ABD116DD5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rim:blackberry_software:5.0.0.882:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07DBCF18-5E8A-43E3-AF87-2B026ED18B76\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rim:blackberry_software:5.0.0.973:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8383B17-2B79-4BC4-A6BE-938D8BFEB1CB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rim:blackberry_software:5.0.0.983:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A11A0C52-52D4-4281-9213-4F39C3255138\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rim:blackberry_software:5.0.0.1036:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03C9D955-D337-49D9-9FE4-83AAA390919C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rim:blackberry_software:5.0.0.1041:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6AED872B-1728-4684-988A-DB1A91C8DB68\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en BlackBerry Device Software anterior a v6.0.0 de Research In Motion (RIM)  permite a atacantes remotos provocar una denegaci\\u00f3n de servicio (navegador se bloquea) a trav\\u00e9s de una p\\u00e1gina web manipulada.\"}]",
      "id": "CVE-2010-2599",
      "lastModified": "2024-11-21T01:16:58.740",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2011-01-13T01:00:01.350",
      "references": "[{\"url\": \"http://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/70404\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.blackberry.com/btsc/KB24841\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/515860/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/45754\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1024952\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0082\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/64622\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/70404\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.blackberry.com/btsc/KB24841\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/515860/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/45754\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1024952\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0082\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/64622\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-2599\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2011-01-13T01:00:01.350\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en BlackBerry Device Software anterior a v6.0.0 de Research In Motion (RIM)  permite a atacantes remotos provocar una denegaci\u00f3n de servicio (navegador se bloquea) a trav\u00e9s de una p\u00e1gina web manipulada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rim:blackberry_software:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.0.0.1039\",\"matchCriteriaId\":\"8A593B7F-1918-4778-83D7-0EE80CAC5CE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rim:blackberry_software:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BDB5549-2A78-4A92-8C4E-DE1A4658E52D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rim:blackberry_software:4.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7872A198-F359-4D7C-9AB7-4A7B769E955F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rim:blackberry_software:4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3052C44-F2A4-4871-BF1E-729A6ADF6ADE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rim:blackberry_software:4.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC128583-356C-461C-B612-8927BCBA1195\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rim:blackberry_software:4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EF7EA30-4605-42DF-A483-70B61F224898\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rim:blackberry_software:4.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F14F928-4191-4689-81CB-B7C1C9A785D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rim:blackberry_software:5.0.0.593:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46A10F07-C3D0-4001-A7D6-5C8ABD116DD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rim:blackberry_software:5.0.0.882:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07DBCF18-5E8A-43E3-AF87-2B026ED18B76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rim:blackberry_software:5.0.0.973:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8383B17-2B79-4BC4-A6BE-938D8BFEB1CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rim:blackberry_software:5.0.0.983:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A11A0C52-52D4-4281-9213-4F39C3255138\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rim:blackberry_software:5.0.0.1036:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03C9D955-D337-49D9-9FE4-83AAA390919C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rim:blackberry_software:5.0.0.1041:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AED872B-1728-4684-988A-DB1A91C8DB68\"}]}]}],\"references\":[{\"url\":\"http://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/70404\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.blackberry.com/btsc/KB24841\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/515860/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/45754\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1024952\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0082\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/64622\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/70404\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.blackberry.com/btsc/KB24841\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/515860/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/45754\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1024952\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0082\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/64622\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2010-2599

Vulnerability from fkie_nvd - Published: 2011-01-13 01:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page.

References

URL	Tags
cve@mitre.org	http://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html
cve@mitre.org	http://osvdb.org/70404
cve@mitre.org	http://www.blackberry.com/btsc/KB24841	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/515860/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/45754
cve@mitre.org	http://www.securitytracker.com/id?1024952
cve@mitre.org	http://www.vupen.com/english/advisories/2011/0082	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/64622
af854a3a-2127-422b-91ae-364da2661108	http://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/70404
af854a3a-2127-422b-91ae-364da2661108	http://www.blackberry.com/btsc/KB24841	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/515860/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/45754
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1024952
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0082	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/64622

Impacted products

Vendor	Product	Version
rim	blackberry_software	*
rim	blackberry_software	4.0
rim	blackberry_software	4.5.0
rim	blackberry_software	4.6
rim	blackberry_software	4.6.1
rim	blackberry_software	4.7
rim	blackberry_software	4.7.1
rim	blackberry_software	5.0.0.593
rim	blackberry_software	5.0.0.882
rim	blackberry_software	5.0.0.973
rim	blackberry_software	5.0.0.983
rim	blackberry_software	5.0.0.1036
rim	blackberry_software	5.0.0.1041

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rim:blackberry_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A593B7F-1918-4778-83D7-0EE80CAC5CE5",
              "versionEndIncluding": "5.0.0.1039",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rim:blackberry_software:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BDB5549-2A78-4A92-8C4E-DE1A4658E52D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rim:blackberry_software:4.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7872A198-F359-4D7C-9AB7-4A7B769E955F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rim:blackberry_software:4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3052C44-F2A4-4871-BF1E-729A6ADF6ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rim:blackberry_software:4.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC128583-356C-461C-B612-8927BCBA1195",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rim:blackberry_software:4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF7EA30-4605-42DF-A483-70B61F224898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rim:blackberry_software:4.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F14F928-4191-4689-81CB-B7C1C9A785D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rim:blackberry_software:5.0.0.593:*:*:*:*:*:*:*",
              "matchCriteriaId": "46A10F07-C3D0-4001-A7D6-5C8ABD116DD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rim:blackberry_software:5.0.0.882:*:*:*:*:*:*:*",
              "matchCriteriaId": "07DBCF18-5E8A-43E3-AF87-2B026ED18B76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rim:blackberry_software:5.0.0.973:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8383B17-2B79-4BC4-A6BE-938D8BFEB1CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rim:blackberry_software:5.0.0.983:*:*:*:*:*:*:*",
              "matchCriteriaId": "A11A0C52-52D4-4281-9213-4F39C3255138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rim:blackberry_software:5.0.0.1036:*:*:*:*:*:*:*",
              "matchCriteriaId": "03C9D955-D337-49D9-9FE4-83AAA390919C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rim:blackberry_software:5.0.0.1041:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AED872B-1728-4684-988A-DB1A91C8DB68",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en BlackBerry Device Software anterior a v6.0.0 de Research In Motion (RIM)  permite a atacantes remotos provocar una denegaci\u00f3n de servicio (navegador se bloquea) a trav\u00e9s de una p\u00e1gina web manipulada."
    }
  ],
  "id": "CVE-2010-2599",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-01-13T01:00:01.350",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/70404"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.blackberry.com/btsc/KB24841"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/515860/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/45754"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1024952"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0082"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/70404"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.blackberry.com/btsc/KB24841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/515860/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/45754"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1024952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0082"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64622"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-7239-34H3-RFWM

Vulnerability from github – Published: 2022-05-14 02:44 – Updated: 2022-05-14 02:44

Details

Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-2599"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-01-13T01:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page.",
  "id": "GHSA-7239-34h3-rfwm",
  "modified": "2022-05-14T02:44:09Z",
  "published": "2022-05-14T02:44:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2599"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64622"
    },
    {
      "type": "WEB",
      "url": "http://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/70404"
    },
    {
      "type": "WEB",
      "url": "http://www.blackberry.com/btsc/KB24841"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/515860/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/45754"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1024952"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0082"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2010-2599

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page.

Aliases

CVE-2010-2599

Aliases

CVE-2010-2599

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-2599",
    "description": "Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page.",
    "id": "GSD-2010-2599"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-2599"
      ],
      "details": "Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page.",
      "id": "GSD-2010-2599",
      "modified": "2023-12-13T01:21:30.990010Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2010-2599",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.blackberry.com/btsc/KB24841",
            "refsource": "CONFIRM",
            "url": "http://www.blackberry.com/btsc/KB24841"
          },
          {
            "name": "1024952",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1024952"
          },
          {
            "name": "45754",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/45754"
          },
          {
            "name": "http://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html",
            "refsource": "MISC",
            "url": "http://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html"
          },
          {
            "name": "70404",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/70404"
          },
          {
            "name": "20110121 [TEHTRI-Security] CVE-2010-2599: Update your BlackBerry",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/515860/100/0/threaded"
          },
          {
            "name": "ADV-2011-0082",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0082"
          },
          {
            "name": "blackberry-desktop-dos(64622)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64622"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_software:5.0.0.973:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_software:5.0.0.1041:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_software:5.0.0.882:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_software:5.0.0.1036:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_software:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_software:4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_software:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.0.0.1039",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_software:5.0.0.593:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_software:5.0.0.983:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_software:4.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_software:4.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_software:4.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_software:4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2599"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.blackberry.com/btsc/KB24841",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.blackberry.com/btsc/KB24841"
            },
            {
              "name": "45754",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/45754"
            },
            {
              "name": "ADV-2011-0082",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0082"
            },
            {
              "name": "1024952",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1024952"
            },
            {
              "name": "70404",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/70404"
            },
            {
              "name": "http://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html"
            },
            {
              "name": "blackberry-desktop-dos(64622)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64622"
            },
            {
              "name": "20110121 [TEHTRI-Security] CVE-2010-2599: Update your BlackBerry",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/515860/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-10T19:59Z",
      "publishedDate": "2011-01-13T01:00Z"
    }
  }
}

VAR-201101-0123

Vulnerability from variot - Updated: 2023-12-18 11:46

Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page. Successful exploits allow an attacker to crash the affected browser, resulting in a denial-of-service condition. Versions prior to Research In Motion BlackBerry Device Software 6.0.0 are vulnerable. Gents,

BlackHat Washington DC has just finished, and we wanted to let you know that RIM officially released a patch for the vulnerability found by TEHTRI-Security in BlackBerry devices, and covered during our talk: "Inglourious Hackerds: Targeting Web Clients".

To quote RIM web site, the BlackBerry device subsequently terminates the browser, and the browser eventually restarts and displays an error message.

What was quite funny is that, with little tweaks (based on incoming User-Agent + sizes of buffers + payloads...) our 0day also worked against HTC Windows, Apple iPhone/iPod (CVE-2010-1752) and Google Android devices, with different kind of results. It's all related to a flaw in the way those devices try to handle HTML codes, based on some concepts taken from the HTTP RFC directly...

To avoid the spread of annoying exploits, that would target customers of Google, RIM, Apple & HTC, we only shared some information with the vendors and during the BlackHat DC event, but our slides on BlackHat.com will also contain part of information.

If you want to go further, here are some useful links:

Official RIM web page dealing with our 0Day: http://www.blackberry.com/btsc/KB24841
BlackHat Washington DC: https://www.blackhat.com/html/bh-dc-11/bh-dc-11-schedule.html
Mitre CVE Entry http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2599
Gartner.com Blog Entry about our talk @BHDC: http://blogs.gartner.com/john_pescatore/2011/01/20/if-a-toy-breaks-in-a-work-forest-will-the-toy-vendor-hear-a-noise-and-fix-it/
NetworkWorld Press Article about our talk @BHDC: http://www.networkworld.com/news/2011/012011-retaliation-answer-cyber-attacks.html
TEHTRI-Security Blog: http://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html

We would like to thanks the security experts of RIM who came to our talk in Washington, and who took time there to share explanations with our attendees in order to show how they mitigated our findings by handling those issues with all the carriers involved worldwide (what an incredible task).

On our side, we got technical fun by doing technical penetration tests on those devices, and this is how we found such 0days. We do think that basic tests are not always done properly because of consumerization, money & time issues, etc.

Recently, we found 0days against IP Camera surveillance, etc, by doing penetration tests. We live in world where everything has to be clean, beautiful, quick, easy, marketable, and certified. But what about IT Security, while everything gets more and more complex... We now all get Certified non-Ethically Hackable...

"Good night, and Good luck."

Best regards,

Laurent OUDOT, from Washington DC, USA @BlackHatDC Briefings ( http://blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Oudot )

TEHTRI-Security - "This is not a Game." http://www.tehtri-security.com/ http://twitter/tehtris . Gents,

If you are a lucky BlackBerry owner, or an administrator of many BB devices, you can do a quick security check of your smartphone(s), by browsing this web page from your device (free quick check):

http://tehtris.com/bbcheck

For now, this will check for you if you are potentially vulnerable against those exploits:

-> Nov 2007 - US-CERT Advisory VU#282856 - Exploit from Michael Kemp http://www.blackberry.com/btsc/KB12577

-> Jan 2011 - CVE-2010-2599 - Exploit found by TEHTRI-Security http://www.blackberry.com/btsc/KB24841

-> Mar 2011 - CVE-2011-1290 - Awesome Pwn2own/CSW exploit from Vincenzo Iozzo, Ralf Philipp Weinmann, and Willem Pinckaers

A workaround for this latest vulnerability (CVE-2011-1290) could be to disable JavaScript, as explained on RIM resources.

You should definitely read this: http://www.blackberry.com/btsc/KB26132

Have a nice day,

Laurent OUDOT, CEO TEHTRI-Security -- "This is not a game" http://www.tehtri-security.com/ Follow us: @tehtris

=> Join us for more hacking tricks during next awesome events:

SyScan Singapore (April) -- Training: "Advanced PHP Hacking" http://www.syscan.org/index.php/sg/training
HITB Amsterdam (May) -- Training: "Hunting Web Attackers" http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=16

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201101-0123",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "blackberry software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "rim",
        "version": "4.7"
      },
      {
        "model": "blackberry software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "rim",
        "version": "4.6"
      },
      {
        "model": "blackberry software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "rim",
        "version": "4.0"
      },
      {
        "model": "blackberry software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "rim",
        "version": "4.6.1"
      },
      {
        "model": "blackberry software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "rim",
        "version": "5.0.0.1041"
      },
      {
        "model": "blackberry software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "rim",
        "version": "4.5.0"
      },
      {
        "model": "blackberry software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "rim",
        "version": "5.0.0.1036"
      },
      {
        "model": "blackberry software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "rim",
        "version": "4.7.1"
      },
      {
        "model": "blackberry software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "rim",
        "version": "5.0.0.882"
      },
      {
        "model": "blackberry software",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rim",
        "version": "5.0.0.1039"
      },
      {
        "model": "blackberry software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rim",
        "version": "5.0.0.593"
      },
      {
        "model": "blackberry software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rim",
        "version": "5.0.0.983"
      },
      {
        "model": "blackberry software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rim",
        "version": "5.0.0.973"
      },
      {
        "model": "device software",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "blackberry",
        "version": "6.0.0"
      },
      {
        "model": "blackberry software",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rim",
        "version": "5.0.0.1039"
      },
      {
        "model": "in motion blackberry device software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.7.1.57"
      },
      {
        "model": "in motion blackberry device software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.7.1"
      },
      {
        "model": "in motion blackberry device software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.7.179"
      },
      {
        "model": "in motion blackberry device software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.7"
      },
      {
        "model": "in motion blackberry device software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.6.1.309"
      },
      {
        "model": "in motion blackberry device software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.6.1"
      },
      {
        "model": "in motion blackberry device software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.6.303"
      },
      {
        "model": "in motion blackberry device software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.6"
      },
      {
        "model": "in motion blackberry device software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.5.173"
      },
      {
        "model": "in motion blackberry device software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.5"
      },
      {
        "model": "in motion blackberry device software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.0.2"
      },
      {
        "model": "in motion blackberry device software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.0.1.83"
      },
      {
        "model": "in motion blackberry device software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.0.1.108"
      },
      {
        "model": "in motion blackberry device software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.0"
      },
      {
        "model": "in motion blackberry device software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "5.0"
      },
      {
        "model": "in motion blackberry desktop software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "2.0"
      },
      {
        "model": "in motion blackberry desktop software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "1.0"
      },
      {
        "model": "in motion blackberry desktop software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "6.0.1"
      },
      {
        "model": "in motion blackberry desktop software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "6.0"
      },
      {
        "model": "in motion blackberry desktop software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "5.0.1"
      },
      {
        "model": "in motion blackberry desktop software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "5.0"
      },
      {
        "model": "in motion blackberry desktop software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.7"
      },
      {
        "model": "in motion blackberry desktop software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.6"
      },
      {
        "model": "in motion blackberry desktop software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.5"
      },
      {
        "model": "in motion blackberry desktop software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.0"
      },
      {
        "model": "in motion blackberry desktop software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "3.0"
      },
      {
        "model": "in motion blackberry device software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "research",
        "version": "6.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "45754"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001299"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2599"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201101-135"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_software:5.0.0.973:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_software:5.0.0.1041:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_software:5.0.0.882:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_software:5.0.0.1036:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_software:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_software:4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_software:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.0.0.1039",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_software:5.0.0.593:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_software:5.0.0.983:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_software:4.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_software:4.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_software:4.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_software:4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-2599"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Laurent Oudot of TEHTRI Security",
    "sources": [
      {
        "db": "BID",
        "id": "45754"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2010-2599",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2010-2599",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2010-2599",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201101-135",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001299"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2599"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201101-135"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page. \nSuccessful exploits allow an attacker to crash the affected browser, resulting in a denial-of-service condition. \nVersions prior to Research In Motion BlackBerry Device Software 6.0.0 are vulnerable. \nGents,\n\nBlackHat Washington DC has just finished, and we wanted to let you know\nthat RIM officially released a patch for the vulnerability found by\nTEHTRI-Security in BlackBerry devices, and covered during our talk:\n\"Inglourious Hackerds: Targeting Web Clients\". \n\nTo quote RIM web site, the BlackBerry device subsequently terminates the\nbrowser, and the browser eventually restarts and displays an error message. \n\nWhat was quite funny is that, with little tweaks (based on incoming\nUser-Agent + sizes of buffers + payloads...) our 0day also worked\nagainst HTC Windows, Apple iPhone/iPod (CVE-2010-1752) and Google\nAndroid devices, with different kind of results. It\u0027s all related to a\nflaw in the way those devices try to handle HTML codes, based on some\nconcepts taken from the HTTP RFC directly... \n\nTo avoid the spread of annoying exploits, that would target customers of\nGoogle, RIM, Apple \u0026 HTC, we only shared some information with the\nvendors and during the BlackHat DC event, but our slides on BlackHat.com\nwill also contain part of information. \n\nIf you want to go further, here are some useful links:\n\n- Official RIM web page dealing with our 0Day:\nhttp://www.blackberry.com/btsc/KB24841\n\n- BlackHat Washington DC:\nhttps://www.blackhat.com/html/bh-dc-11/bh-dc-11-schedule.html\n\n- Mitre CVE Entry\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2599\n\n- Gartner.com Blog Entry about our talk @BHDC:\nhttp://blogs.gartner.com/john_pescatore/2011/01/20/if-a-toy-breaks-in-a-work-forest-will-the-toy-vendor-hear-a-noise-and-fix-it/\n\n- NetworkWorld Press Article about our talk @BHDC:\nhttp://www.networkworld.com/news/2011/012011-retaliation-answer-cyber-attacks.html\n\n- TEHTRI-Security Blog:\nhttp://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html\n\nWe would like to thanks the security experts of RIM who came to our talk\nin Washington, and who took time there to share explanations with our\nattendees in order to show how they mitigated our findings by handling\nthose issues with all the carriers involved worldwide (what an\nincredible task). \n\nOn our side, we got technical fun by doing technical penetration tests\non those devices, and this is how we found such 0days. We do think that\nbasic tests are not always done properly because of consumerization,\nmoney \u0026 time issues, etc. \n\nRecently, we found 0days against IP Camera surveillance, etc, by doing\npenetration tests. We live in world where everything has to be clean,\nbeautiful, quick, easy, marketable, and certified. But what about IT\nSecurity, while everything gets more and more complex... \nWe now all get Certified non-Ethically Hackable... \n\n\"Good night, and Good luck.\"\n\nBest regards,\n\nLaurent OUDOT, from Washington DC, USA @BlackHatDC Briefings\n( http://blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Oudot )\n\n TEHTRI-Security - \"This is not a Game.\"\n http://www.tehtri-security.com/\n http://twitter/tehtris\n. \nGents,\n\nIf you are a lucky BlackBerry owner, or an administrator of many BB\ndevices, you can do a quick security check of your smartphone(s), by\nbrowsing this web page from your device (free quick check):\n\n    http://tehtris.com/bbcheck\n\nFor now, this will check for you if you are potentially vulnerable\nagainst those exploits:\n\n-\u003e Nov 2007 - US-CERT Advisory VU#282856 - Exploit from Michael Kemp\n   http://www.blackberry.com/btsc/KB12577\n\n-\u003e Jan 2011 - CVE-2010-2599 - Exploit found by TEHTRI-Security\n   http://www.blackberry.com/btsc/KB24841\n\n-\u003e Mar 2011 - CVE-2011-1290 - Awesome Pwn2own/CSW exploit from Vincenzo\nIozzo, Ralf Philipp Weinmann, and Willem Pinckaers\n\nA workaround for this latest vulnerability (CVE-2011-1290) could be to\ndisable JavaScript, as explained on RIM resources. \n\nYou should definitely read this: http://www.blackberry.com/btsc/KB26132\n\nHave a nice day,\n\nLaurent OUDOT, CEO TEHTRI-Security -- \"This is not a game\"\n http://www.tehtri-security.com/\n Follow us: @tehtris\n\n=\u003e Join us for more hacking tricks during next awesome events:\n\n- SyScan Singapore (April) -- Training: \"Advanced PHP Hacking\"\nhttp://www.syscan.org/index.php/sg/training\n\n- HITB Amsterdam (May) -- Training: \"Hunting Web Attackers\"\nhttp://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=16\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-2599"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001299"
      },
      {
        "db": "BID",
        "id": "45754"
      },
      {
        "db": "PACKETSTORM",
        "id": "97744"
      },
      {
        "db": "PACKETSTORM",
        "id": "99462"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-2599",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "45754",
        "trust": 2.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0082",
        "trust": 2.4
      },
      {
        "db": "OSVDB",
        "id": "70404",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1024952",
        "trust": 1.8
      },
      {
        "db": "XF",
        "id": "64622",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001299",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201101-135",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "97744",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "99462",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "45754"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001299"
      },
      {
        "db": "PACKETSTORM",
        "id": "97744"
      },
      {
        "db": "PACKETSTORM",
        "id": "99462"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2599"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201101-135"
      }
    ]
  },
  "id": "VAR-201101-0123",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.28333333
  },
  "last_update_date": "2023-12-18T11:46:32.908000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "KB24841",
        "trust": 0.8,
        "url": "http://www.blackberry.com/btsc/search.do?cmd=displaykc\u0026doctype=kc\u0026externalid=kb24841"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001299"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-2599"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/45754"
      },
      {
        "trust": 2.4,
        "url": "http://www.vupen.com/english/advisories/2011/0082"
      },
      {
        "trust": 1.8,
        "url": "http://osvdb.org/70404"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id?1024952"
      },
      {
        "trust": 1.8,
        "url": "http://www.blackberry.com/btsc/kb24841"
      },
      {
        "trust": 1.1,
        "url": "http://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/515860/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64622"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2599"
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/64622"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2599"
      },
      {
        "trust": 0.3,
        "url": "http://www.rim.net/"
      },
      {
        "trust": 0.3,
        "url": "http://www.blackberry.com/btsc/search.do?cmd=displaykc\u0026doctype=kc\u0026externalid=kb24841"
      },
      {
        "trust": 0.2,
        "url": "http://www.tehtri-security.com/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2599"
      },
      {
        "trust": 0.1,
        "url": "http://twitter/tehtris"
      },
      {
        "trust": 0.1,
        "url": "https://www.blackhat.com/html/bh-dc-11/bh-dc-11-schedule.html"
      },
      {
        "trust": 0.1,
        "url": "http://blogs.gartner.com/john_pescatore/2011/01/20/if-a-toy-breaks-in-a-work-forest-will-the-toy-vendor-hear-a-noise-and-fix-it/"
      },
      {
        "trust": 0.1,
        "url": "http://blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#oudot"
      },
      {
        "trust": 0.1,
        "url": "http://www.networkworld.com/news/2011/012011-retaliation-answer-cyber-attacks.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.blackberry.com/btsc/kb12577"
      },
      {
        "trust": 0.1,
        "url": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=16"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1290"
      },
      {
        "trust": 0.1,
        "url": "http://tehtris.com/bbcheck"
      },
      {
        "trust": 0.1,
        "url": "http://www.syscan.org/index.php/sg/training"
      },
      {
        "trust": 0.1,
        "url": "http://www.blackberry.com/btsc/kb26132"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "45754"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001299"
      },
      {
        "db": "PACKETSTORM",
        "id": "97744"
      },
      {
        "db": "PACKETSTORM",
        "id": "99462"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2599"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201101-135"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "45754"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001299"
      },
      {
        "db": "PACKETSTORM",
        "id": "97744"
      },
      {
        "db": "PACKETSTORM",
        "id": "99462"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2599"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201101-135"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-01-11T00:00:00",
        "db": "BID",
        "id": "45754"
      },
      {
        "date": "2011-03-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-001299"
      },
      {
        "date": "2011-01-21T20:11:01",
        "db": "PACKETSTORM",
        "id": "97744"
      },
      {
        "date": "2011-03-18T22:39:32",
        "db": "PACKETSTORM",
        "id": "99462"
      },
      {
        "date": "2011-01-13T01:00:01.350000",
        "db": "NVD",
        "id": "CVE-2010-2599"
      },
      {
        "date": "2011-01-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201101-135"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-01-11T00:00:00",
        "db": "BID",
        "id": "45754"
      },
      {
        "date": "2011-03-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-001299"
      },
      {
        "date": "2018-10-10T19:59:51.027000",
        "db": "NVD",
        "id": "CVE-2010-2599"
      },
      {
        "date": "2011-01-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201101-135"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201101-135"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "BlackBerry Device Software Denial of service in Japan  (DoS) Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001299"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201101-135"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-2599 (GCVE-0-2010-2599)

FKIE_CVE-2010-2599

GHSA-7239-34H3-RFWM

GSD-2010-2599

VAR-201101-0123

Tags

Sightings

Nomenclature