Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-2264

Опубликовано: 01 апр. 2013
Источник: nvd
CVSS2: 5
EPSS Низкий

Описание

The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.1:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.1.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.2:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.2.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.2.3:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.2.4:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.3:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.3:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.3:rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.3.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.3.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.3.3:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.4:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.4:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.4:rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.4.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.4.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.4.3:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.4.4:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.5:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.5.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.6.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.6.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.6.0:rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.7.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.7.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.7.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.7.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.7.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.8.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.8.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.8.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.8.0:rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.8.0:rc4:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.8.0:rc5:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.8.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.8.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.9.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.9.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.9.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.9.0:rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.9.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.9.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.9.3:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.10.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.10.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.10.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.10.0:rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.10.0:rc4:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.10.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.11.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.11.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.11.0:rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.11.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.12:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.12.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.12.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.12.0:rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.12.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.12.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.13.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.13.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.13.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.13.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.14.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.14.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.14.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.14.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.15.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.15.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.15.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.16.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.16.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.16.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.17.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.17.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.17.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.17.0:rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.18.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.18.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.18.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.19.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.19.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.19.0:rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.19.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.20.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.20.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.20.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.8.20.1:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.0.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.1.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.1.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.1.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.1.3:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.2.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.2.0:rc4:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.2.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.3.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.3.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.3.0:rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.3.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.4.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.4.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.4.0:rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.4.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.4.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.5.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.5.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.5.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.6.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.6.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.6.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.7.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.7.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.7.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.8.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.8.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.8.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.9.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.9.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.9.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.9.0:rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.10.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.10.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.10.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.10.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.11.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.11.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.11.0:rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.11.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.12.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.12.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.12.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.12.1:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:asterisk:open_source:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:11.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:11.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:11.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:11.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:11.0.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:11.0.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:11.1.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:11.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:11.1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:11.1.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:11.1.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:11.2.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:11.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:11.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:11.2.1:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:rc1:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:rc2:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:rc3:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:1.8.15.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:1.8.15.0:rc1:*:*:*:*:*:*
Конфигурация 5

Одно из

cpe:2.3:a:asterisk:business_edition:c.3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:business_edition:c.3.3:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:business_edition:c.3.3.2:*:*:*:*:*:*:*
Конфигурация 6

Одно из

cpe:2.3:a:asterisk:digiumphones:10.0.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.1.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.2.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.2.0:rc4:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.3.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.3.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.3.0:rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.4.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.4.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.4.0:rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.5.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.6.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.6.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.7.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.7.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.8.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.8.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.8.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.9.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.10.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.10.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.10.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.11.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.11.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.11.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.11.0:rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.12.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.12.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.12.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:digiumphones:10.12.1:*:*:*:*:*:*:*

EPSS

Процентиль: 39%
0.00171
Низкий

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

ubuntu логотип

CVE-2013-2264

ubuntu
почти 13 лет назад

The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur.

debian логотип

CVE-2013-2264

debian
почти 13 лет назад

The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, ...

github логотип

GHSA-79cp-774x-5w3c

github
больше 3 лет назад

The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur.

EPSS

Процентиль: 39%
0.00171
Низкий

5 Medium

CVSS2

Дефекты

CWE-200