Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-12227

Опубликовано: 12 июн. 2018
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 5
CVSS3: 5.3

Описание

An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints.

РелизСтатусПримечание
artful

ignored

end of life
bionic

ignored

end of standard support, was needed
cosmic

not-affected

1:13.22.0~dfsg-2
devel

not-affected

1:16.2.1~dfsg-1
disco

not-affected

1:16.2.1~dfsg-1
eoan

not-affected

1:16.2.1~dfsg-1
esm-apps/bionic

needed

esm-apps/focal

not-affected

1:16.2.1~dfsg-1
esm-apps/jammy

not-affected

1:16.2.1~dfsg-1
esm-apps/noble

not-affected

1:16.2.1~dfsg-1

Показывать по

Ссылки на источники

EPSS

Процентиль: 77%
0.0106
Низкий

5 Medium

CVSS2

5.3 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2018-12227

CVSS3: 5.3
nvd
больше 7 лет назад

An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints.

debian логотип

CVE-2018-12227

CVSS3: 5.3
debian
больше 7 лет назад

An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 1 ...

github логотип

GHSA-cvxq-f65j-c34v

CVSS3: 5.3
github
больше 3 лет назад

An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints.

EPSS

Процентиль: 77%
0.0106
Низкий

5 Medium

CVSS2

5.3 Medium

CVSS3