[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

253164

 
 

909

 
 

197077

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-1332Date: (C)2008-03-19   (M)2023-12-22


Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 8.8
Exploit Score: 8.6
Impact Score: 9.2
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: NONE
  
Reference:
SECTRACK-1019629
http://www.securityfocus.com/archive/1/489818/100/0/threaded
BID-28310
SECUNIA-29426
SECUNIA-29456
SECUNIA-29470
SECUNIA-29782
SECUNIA-29957
ADV-2008-0928
DSA-1525
FEDORA-2008-2554
FEDORA-2008-2620
GLSA-200804-13
SUSE-SR:2008:010
asterisk-sip-security-bypass(41308)
http://downloads.digium.com/pub/security/AST-2008-003.html
http://www.asterisk.org/node/48466

CWE    1
CWE-264
OVAL    1
oval:org.mitre.oval:def:8002

© SecPod Technologies