Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2011-4597

Опубликовано: 15 дек. 2011
Источник: nvd
CVSS2: 5
EPSS Низкий

Описание

The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.5:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.6:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.6:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.6:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.15:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.16:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.16:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.16.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.16.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.17:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.17:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.17:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.17:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.17.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.17.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.17.3:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.18:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.18:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.19:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.19:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.20:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.21:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.0:beta1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.0:beta2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.0:beta3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.0:beta4:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.7.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.8:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.9:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.10.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.12.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.15:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.16:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.16.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.16.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.17:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.18:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.19:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.19:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.19:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.19:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.19:rc4:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.19.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.19.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.20:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.20:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.20:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.20:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.20.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.21:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.21:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.21:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.21.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.21.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.22:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.22:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.22:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.22:rc4:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.22:rc5:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.22.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.22.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.23:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.23:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.23:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.23:rc4:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.23.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.23.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.24:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.24:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.24.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.25:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.25:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.25.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.26:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.26:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.26:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.26:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.26:rc4:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.26:rc5:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.26:rc6:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.26.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.26.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.26.3:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.27:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.27:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.27:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.27:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.27:rc4:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.27:rc5:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.27.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.28:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.28:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.29:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.29:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.29.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.30:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.30:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.30:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.31:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.31:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.31:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.32:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.32:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.33:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.33:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.33:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.33.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.34:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.34:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.34:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.35:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.35:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.36:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.36:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.37:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.37:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.38:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.38:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.39:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.39:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.39.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.39.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.40:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.40:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.40:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.40:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.40.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.40.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.41:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.41:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.41.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.41.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.42:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.42:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.42:rc2:*:*:*:*:*:*

EPSS

Процентиль: 71%
0.00685
Низкий

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

ubuntu логотип

CVE-2011-4597

ubuntu
около 14 лет назад

The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.

debian логотип

CVE-2011-4597

debian
около 14 лет назад

The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1 ...

github логотип

GHSA-x8j5-r4w2-j865

github
больше 3 лет назад

The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.

EPSS

Процентиль: 71%
0.00685
Низкий

5 Medium

CVSS2

Дефекты

CWE-200
Уязвимость CVE-2011-4597