VAR-201101-0123
Vulnerability from variot - Updated: 2023-12-18 11:46Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page. Successful exploits allow an attacker to crash the affected browser, resulting in a denial-of-service condition. Versions prior to Research In Motion BlackBerry Device Software 6.0.0 are vulnerable. Gents,
BlackHat Washington DC has just finished, and we wanted to let you know that RIM officially released a patch for the vulnerability found by TEHTRI-Security in BlackBerry devices, and covered during our talk: "Inglourious Hackerds: Targeting Web Clients".
To quote RIM web site, the BlackBerry device subsequently terminates the browser, and the browser eventually restarts and displays an error message.
What was quite funny is that, with little tweaks (based on incoming User-Agent + sizes of buffers + payloads...) our 0day also worked against HTC Windows, Apple iPhone/iPod (CVE-2010-1752) and Google Android devices, with different kind of results. It's all related to a flaw in the way those devices try to handle HTML codes, based on some concepts taken from the HTTP RFC directly...
To avoid the spread of annoying exploits, that would target customers of Google, RIM, Apple & HTC, we only shared some information with the vendors and during the BlackHat DC event, but our slides on BlackHat.com will also contain part of information.
If you want to go further, here are some useful links:
-
Official RIM web page dealing with our 0Day: http://www.blackberry.com/btsc/KB24841
-
BlackHat Washington DC: https://www.blackhat.com/html/bh-dc-11/bh-dc-11-schedule.html
-
Mitre CVE Entry http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2599
-
Gartner.com Blog Entry about our talk @BHDC: http://blogs.gartner.com/john_pescatore/2011/01/20/if-a-toy-breaks-in-a-work-forest-will-the-toy-vendor-hear-a-noise-and-fix-it/
-
NetworkWorld Press Article about our talk @BHDC: http://www.networkworld.com/news/2011/012011-retaliation-answer-cyber-attacks.html
-
TEHTRI-Security Blog: http://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html
We would like to thanks the security experts of RIM who came to our talk in Washington, and who took time there to share explanations with our attendees in order to show how they mitigated our findings by handling those issues with all the carriers involved worldwide (what an incredible task).
On our side, we got technical fun by doing technical penetration tests on those devices, and this is how we found such 0days. We do think that basic tests are not always done properly because of consumerization, money & time issues, etc.
Recently, we found 0days against IP Camera surveillance, etc, by doing penetration tests. We live in world where everything has to be clean, beautiful, quick, easy, marketable, and certified. But what about IT Security, while everything gets more and more complex... We now all get Certified non-Ethically Hackable...
"Good night, and Good luck."
Best regards,
Laurent OUDOT, from Washington DC, USA @BlackHatDC Briefings ( http://blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Oudot )
TEHTRI-Security - "This is not a Game." http://www.tehtri-security.com/ http://twitter/tehtris . Gents,
If you are a lucky BlackBerry owner, or an administrator of many BB devices, you can do a quick security check of your smartphone(s), by browsing this web page from your device (free quick check):
http://tehtris.com/bbcheck
For now, this will check for you if you are potentially vulnerable against those exploits:
-> Nov 2007 - US-CERT Advisory VU#282856 - Exploit from Michael Kemp http://www.blackberry.com/btsc/KB12577
-> Jan 2011 - CVE-2010-2599 - Exploit found by TEHTRI-Security http://www.blackberry.com/btsc/KB24841
-> Mar 2011 - CVE-2011-1290 - Awesome Pwn2own/CSW exploit from Vincenzo Iozzo, Ralf Philipp Weinmann, and Willem Pinckaers
A workaround for this latest vulnerability (CVE-2011-1290) could be to disable JavaScript, as explained on RIM resources.
You should definitely read this: http://www.blackberry.com/btsc/KB26132
Have a nice day,
Laurent OUDOT, CEO TEHTRI-Security -- "This is not a game" http://www.tehtri-security.com/ Follow us: @tehtris
=> Join us for more hacking tricks during next awesome events:
-
SyScan Singapore (April) -- Training: "Advanced PHP Hacking" http://www.syscan.org/index.php/sg/training
-
HITB Amsterdam (May) -- Training: "Hunting Web Attackers" http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=16
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201101-0123",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "blackberry software",
"scope": "eq",
"trust": 1.6,
"vendor": "rim",
"version": "4.7"
},
{
"model": "blackberry software",
"scope": "eq",
"trust": 1.6,
"vendor": "rim",
"version": "4.6"
},
{
"model": "blackberry software",
"scope": "eq",
"trust": 1.6,
"vendor": "rim",
"version": "4.0"
},
{
"model": "blackberry software",
"scope": "eq",
"trust": 1.6,
"vendor": "rim",
"version": "4.6.1"
},
{
"model": "blackberry software",
"scope": "eq",
"trust": 1.6,
"vendor": "rim",
"version": "5.0.0.1041"
},
{
"model": "blackberry software",
"scope": "eq",
"trust": 1.6,
"vendor": "rim",
"version": "4.5.0"
},
{
"model": "blackberry software",
"scope": "eq",
"trust": 1.6,
"vendor": "rim",
"version": "5.0.0.1036"
},
{
"model": "blackberry software",
"scope": "eq",
"trust": 1.6,
"vendor": "rim",
"version": "4.7.1"
},
{
"model": "blackberry software",
"scope": "eq",
"trust": 1.6,
"vendor": "rim",
"version": "5.0.0.882"
},
{
"model": "blackberry software",
"scope": "lte",
"trust": 1.0,
"vendor": "rim",
"version": "5.0.0.1039"
},
{
"model": "blackberry software",
"scope": "eq",
"trust": 1.0,
"vendor": "rim",
"version": "5.0.0.593"
},
{
"model": "blackberry software",
"scope": "eq",
"trust": 1.0,
"vendor": "rim",
"version": "5.0.0.983"
},
{
"model": "blackberry software",
"scope": "eq",
"trust": 1.0,
"vendor": "rim",
"version": "5.0.0.973"
},
{
"model": "device software",
"scope": "lt",
"trust": 0.8,
"vendor": "blackberry",
"version": "6.0.0"
},
{
"model": "blackberry software",
"scope": "eq",
"trust": 0.6,
"vendor": "rim",
"version": "5.0.0.1039"
},
{
"model": "in motion blackberry device software",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "4.7.1.57"
},
{
"model": "in motion blackberry device software",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "4.7.1"
},
{
"model": "in motion blackberry device software",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "4.7.179"
},
{
"model": "in motion blackberry device software",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "4.7"
},
{
"model": "in motion blackberry device software",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "4.6.1.309"
},
{
"model": "in motion blackberry device software",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "4.6.1"
},
{
"model": "in motion blackberry device software",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "4.6.303"
},
{
"model": "in motion blackberry device software",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "4.6"
},
{
"model": "in motion blackberry device software",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "4.5.173"
},
{
"model": "in motion blackberry device software",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "4.5"
},
{
"model": "in motion blackberry device software",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "4.0.2"
},
{
"model": "in motion blackberry device software",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "4.0.1.83"
},
{
"model": "in motion blackberry device software",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "4.0.1.108"
},
{
"model": "in motion blackberry device software",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "4.0"
},
{
"model": "in motion blackberry device software",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "5.0"
},
{
"model": "in motion blackberry desktop software",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "2.0"
},
{
"model": "in motion blackberry desktop software",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "1.0"
},
{
"model": "in motion blackberry desktop software",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "6.0.1"
},
{
"model": "in motion blackberry desktop software",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "6.0"
},
{
"model": "in motion blackberry desktop software",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "5.0.1"
},
{
"model": "in motion blackberry desktop software",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "5.0"
},
{
"model": "in motion blackberry desktop software",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "4.7"
},
{
"model": "in motion blackberry desktop software",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "4.6"
},
{
"model": "in motion blackberry desktop software",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "4.5"
},
{
"model": "in motion blackberry desktop software",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "4.0"
},
{
"model": "in motion blackberry desktop software",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "3.0"
},
{
"model": "in motion blackberry device software",
"scope": "ne",
"trust": 0.3,
"vendor": "research",
"version": "6.0"
}
],
"sources": [
{
"db": "BID",
"id": "45754"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001299"
},
{
"db": "NVD",
"id": "CVE-2010-2599"
},
{
"db": "CNNVD",
"id": "CNNVD-201101-135"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rim:blackberry_software:5.0.0.973:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rim:blackberry_software:5.0.0.1041:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rim:blackberry_software:5.0.0.882:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rim:blackberry_software:5.0.0.1036:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rim:blackberry_software:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rim:blackberry_software:4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rim:blackberry_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.0.0.1039",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rim:blackberry_software:5.0.0.593:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rim:blackberry_software:5.0.0.983:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rim:blackberry_software:4.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rim:blackberry_software:4.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rim:blackberry_software:4.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rim:blackberry_software:4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2599"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Laurent Oudot of TEHTRI Security",
"sources": [
{
"db": "BID",
"id": "45754"
}
],
"trust": 0.3
},
"cve": "CVE-2010-2599",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2010-2599",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2010-2599",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201101-135",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001299"
},
{
"db": "NVD",
"id": "CVE-2010-2599"
},
{
"db": "CNNVD",
"id": "CNNVD-201101-135"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page. \nSuccessful exploits allow an attacker to crash the affected browser, resulting in a denial-of-service condition. \nVersions prior to Research In Motion BlackBerry Device Software 6.0.0 are vulnerable. \nGents,\n\nBlackHat Washington DC has just finished, and we wanted to let you know\nthat RIM officially released a patch for the vulnerability found by\nTEHTRI-Security in BlackBerry devices, and covered during our talk:\n\"Inglourious Hackerds: Targeting Web Clients\". \n\nTo quote RIM web site, the BlackBerry device subsequently terminates the\nbrowser, and the browser eventually restarts and displays an error message. \n\nWhat was quite funny is that, with little tweaks (based on incoming\nUser-Agent + sizes of buffers + payloads...) our 0day also worked\nagainst HTC Windows, Apple iPhone/iPod (CVE-2010-1752) and Google\nAndroid devices, with different kind of results. It\u0027s all related to a\nflaw in the way those devices try to handle HTML codes, based on some\nconcepts taken from the HTTP RFC directly... \n\nTo avoid the spread of annoying exploits, that would target customers of\nGoogle, RIM, Apple \u0026 HTC, we only shared some information with the\nvendors and during the BlackHat DC event, but our slides on BlackHat.com\nwill also contain part of information. \n\nIf you want to go further, here are some useful links:\n\n- Official RIM web page dealing with our 0Day:\nhttp://www.blackberry.com/btsc/KB24841\n\n- BlackHat Washington DC:\nhttps://www.blackhat.com/html/bh-dc-11/bh-dc-11-schedule.html\n\n- Mitre CVE Entry\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2599\n\n- Gartner.com Blog Entry about our talk @BHDC:\nhttp://blogs.gartner.com/john_pescatore/2011/01/20/if-a-toy-breaks-in-a-work-forest-will-the-toy-vendor-hear-a-noise-and-fix-it/\n\n- NetworkWorld Press Article about our talk @BHDC:\nhttp://www.networkworld.com/news/2011/012011-retaliation-answer-cyber-attacks.html\n\n- TEHTRI-Security Blog:\nhttp://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html\n\nWe would like to thanks the security experts of RIM who came to our talk\nin Washington, and who took time there to share explanations with our\nattendees in order to show how they mitigated our findings by handling\nthose issues with all the carriers involved worldwide (what an\nincredible task). \n\nOn our side, we got technical fun by doing technical penetration tests\non those devices, and this is how we found such 0days. We do think that\nbasic tests are not always done properly because of consumerization,\nmoney \u0026 time issues, etc. \n\nRecently, we found 0days against IP Camera surveillance, etc, by doing\npenetration tests. We live in world where everything has to be clean,\nbeautiful, quick, easy, marketable, and certified. But what about IT\nSecurity, while everything gets more and more complex... \nWe now all get Certified non-Ethically Hackable... \n\n\"Good night, and Good luck.\"\n\nBest regards,\n\nLaurent OUDOT, from Washington DC, USA @BlackHatDC Briefings\n( http://blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Oudot )\n\n TEHTRI-Security - \"This is not a Game.\"\n http://www.tehtri-security.com/\n http://twitter/tehtris\n. \nGents,\n\nIf you are a lucky BlackBerry owner, or an administrator of many BB\ndevices, you can do a quick security check of your smartphone(s), by\nbrowsing this web page from your device (free quick check):\n\n http://tehtris.com/bbcheck\n\nFor now, this will check for you if you are potentially vulnerable\nagainst those exploits:\n\n-\u003e Nov 2007 - US-CERT Advisory VU#282856 - Exploit from Michael Kemp\n http://www.blackberry.com/btsc/KB12577\n\n-\u003e Jan 2011 - CVE-2010-2599 - Exploit found by TEHTRI-Security\n http://www.blackberry.com/btsc/KB24841\n\n-\u003e Mar 2011 - CVE-2011-1290 - Awesome Pwn2own/CSW exploit from Vincenzo\nIozzo, Ralf Philipp Weinmann, and Willem Pinckaers\n\nA workaround for this latest vulnerability (CVE-2011-1290) could be to\ndisable JavaScript, as explained on RIM resources. \n\nYou should definitely read this: http://www.blackberry.com/btsc/KB26132\n\nHave a nice day,\n\nLaurent OUDOT, CEO TEHTRI-Security -- \"This is not a game\"\n http://www.tehtri-security.com/\n Follow us: @tehtris\n\n=\u003e Join us for more hacking tricks during next awesome events:\n\n- SyScan Singapore (April) -- Training: \"Advanced PHP Hacking\"\nhttp://www.syscan.org/index.php/sg/training\n\n- HITB Amsterdam (May) -- Training: \"Hunting Web Attackers\"\nhttp://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=16\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2599"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001299"
},
{
"db": "BID",
"id": "45754"
},
{
"db": "PACKETSTORM",
"id": "97744"
},
{
"db": "PACKETSTORM",
"id": "99462"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-2599",
"trust": 2.9
},
{
"db": "BID",
"id": "45754",
"trust": 2.7
},
{
"db": "VUPEN",
"id": "ADV-2011-0082",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "70404",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1024952",
"trust": 1.8
},
{
"db": "XF",
"id": "64622",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001299",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201101-135",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "97744",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "99462",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "45754"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001299"
},
{
"db": "PACKETSTORM",
"id": "97744"
},
{
"db": "PACKETSTORM",
"id": "99462"
},
{
"db": "NVD",
"id": "CVE-2010-2599"
},
{
"db": "CNNVD",
"id": "CNNVD-201101-135"
}
]
},
"id": "VAR-201101-0123",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.28333333
},
"last_update_date": "2023-12-18T11:46:32.908000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "KB24841",
"trust": 0.8,
"url": "http://www.blackberry.com/btsc/search.do?cmd=displaykc\u0026doctype=kc\u0026externalid=kb24841"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001299"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2599"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/45754"
},
{
"trust": 2.4,
"url": "http://www.vupen.com/english/advisories/2011/0082"
},
{
"trust": 1.8,
"url": "http://osvdb.org/70404"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id?1024952"
},
{
"trust": 1.8,
"url": "http://www.blackberry.com/btsc/kb24841"
},
{
"trust": 1.1,
"url": "http://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/515860/100/0/threaded"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64622"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2599"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/64622"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2599"
},
{
"trust": 0.3,
"url": "http://www.rim.net/"
},
{
"trust": 0.3,
"url": "http://www.blackberry.com/btsc/search.do?cmd=displaykc\u0026doctype=kc\u0026externalid=kb24841"
},
{
"trust": 0.2,
"url": "http://www.tehtri-security.com/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2599"
},
{
"trust": 0.1,
"url": "http://twitter/tehtris"
},
{
"trust": 0.1,
"url": "https://www.blackhat.com/html/bh-dc-11/bh-dc-11-schedule.html"
},
{
"trust": 0.1,
"url": "http://blogs.gartner.com/john_pescatore/2011/01/20/if-a-toy-breaks-in-a-work-forest-will-the-toy-vendor-hear-a-noise-and-fix-it/"
},
{
"trust": 0.1,
"url": "http://blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#oudot"
},
{
"trust": 0.1,
"url": "http://www.networkworld.com/news/2011/012011-retaliation-answer-cyber-attacks.html"
},
{
"trust": 0.1,
"url": "http://www.blackberry.com/btsc/kb12577"
},
{
"trust": 0.1,
"url": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=16"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1290"
},
{
"trust": 0.1,
"url": "http://tehtris.com/bbcheck"
},
{
"trust": 0.1,
"url": "http://www.syscan.org/index.php/sg/training"
},
{
"trust": 0.1,
"url": "http://www.blackberry.com/btsc/kb26132"
}
],
"sources": [
{
"db": "BID",
"id": "45754"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001299"
},
{
"db": "PACKETSTORM",
"id": "97744"
},
{
"db": "PACKETSTORM",
"id": "99462"
},
{
"db": "NVD",
"id": "CVE-2010-2599"
},
{
"db": "CNNVD",
"id": "CNNVD-201101-135"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "45754"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001299"
},
{
"db": "PACKETSTORM",
"id": "97744"
},
{
"db": "PACKETSTORM",
"id": "99462"
},
{
"db": "NVD",
"id": "CVE-2010-2599"
},
{
"db": "CNNVD",
"id": "CNNVD-201101-135"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-01-11T00:00:00",
"db": "BID",
"id": "45754"
},
{
"date": "2011-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001299"
},
{
"date": "2011-01-21T20:11:01",
"db": "PACKETSTORM",
"id": "97744"
},
{
"date": "2011-03-18T22:39:32",
"db": "PACKETSTORM",
"id": "99462"
},
{
"date": "2011-01-13T01:00:01.350000",
"db": "NVD",
"id": "CVE-2010-2599"
},
{
"date": "2011-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201101-135"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-01-11T00:00:00",
"db": "BID",
"id": "45754"
},
{
"date": "2011-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001299"
},
{
"date": "2018-10-10T19:59:51.027000",
"db": "NVD",
"id": "CVE-2010-2599"
},
{
"date": "2011-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201101-135"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201101-135"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BlackBerry Device Software Denial of service in Japan (DoS) Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001299"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201101-135"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…