Описание
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
Ссылки
- PatchThird Party AdvisoryVDB Entry
- Vendor Advisory
- PatchVendor Advisory
- Issue TrackingThird Party Advisory
- Third Party Advisory
- PatchThird Party AdvisoryVDB Entry
- Vendor Advisory
- PatchVendor Advisory
- Issue TrackingThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
Одно из
EPSS
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
Связанные уязвимости
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
An SSRF issue was discovered in Asterisk through 19.x. When using STIR ...
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
EPSS
9.1 Critical
CVSS3
6.4 Medium
CVSS2