CVE-2007-2590 Information

Description

Nokia Intellisync Mobile Suite 6.4.31.2 6.6.0.107 and 6.6.2.2 possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp.

Reference

http://osvdb.org/34514 http://secunia.com/advisories/25212 http://securityreason.com/securityalert/2689 http://www.sec-consult.com/289.html http://www.securityfocus.com/archive/1/468048/100/0/threaded http://www.vupen.com/english/advisories/2007/1727