Описание
An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).
Ссылки
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:digium:asterisk:15.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:15.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:15.1.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:15.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:15.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:15.1.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:15.1.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:15.1.3:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:15.1.4:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:15.1.5:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:15.2.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:15.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:15.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:15.2.1:*:*:*:*:*:*:*
EPSS
Процентиль: 97%
0.33107
Средний
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-754
Связанные уязвимости
CVSS3: 5.9
ubuntu
почти 8 лет назад
An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).
CVSS3: 5.9
debian
почти 8 лет назад
An issue was discovered in res_http_websocket.c in Asterisk 15.x throu ...
CVSS3: 5.9
github
больше 3 лет назад
An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).
EPSS
Процентиль: 97%
0.33107
Средний
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-754