CVE-2005-3559

Published: 16/11/2005 Updated: 19/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 up to and including 1.2.0-beta1 allows remote malicious users to access WAV files via a .. (dot dot) in the folder parameter.

Vulnerable Product

digium asterisk 0.1.1

digium asterisk 0.1.10

digium asterisk 0.1.11

digium asterisk 0.1.7

digium asterisk 0.1.8

digium asterisk 0.7.1

digium asterisk 0.7.2

digium asterisk 1.0.6

digium asterisk 1.0.7

digium asterisk 1.0.8

digium asterisk 0.1.0

digium asterisk 0.1.5

digium asterisk 0.1.6

digium asterisk 0.5.0

digium asterisk 0.7.0

digium asterisk 1.0.4

digium asterisk 1.0.5

digium asterisk 0.1.12

digium asterisk 0.1.2

digium asterisk 0.1.9

digium asterisk 0.2.0

digium asterisk 1.0.0

digium asterisk 1.0.1

digium asterisk 1.0.9

digium asterisk 1.0_rc1

digium asterisk 0.1.3

digium asterisk 0.1.4

digium asterisk 0.3.0

digium asterisk 0.4.0

digium asterisk 1.0.2

digium asterisk 1.0.3

digium asterisk 1.0_rc2

digium asterisk 1.2.0_beta1

Vendor Advisories

Debian Bug report logs - #338116 asterisk-web-vmail: Information disclosure of voice mail messages through vmail.cgi. Package: asterisk-web-vmail; Maintainer for asterisk-web-vmail is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutil.org>; Date: Tue, 8 Nov 2005 09:33:14 UTC; Severity: important; Tags: patch, security Fo ...
Several problems have been discovered in Asterisk, an Open Source Private Branch Exchange (telephone control center). The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-3559: Adam Pointon discovered that due to missing input sanitising it is possible to retrieve recorded phone messages for a differe ...

Exploits

source: www.securityfocus.com/bid/15336/info. Asterisk is prone to an unauthorized-access vulnerability. This issue is due to a failure in the application to properly verify user-supplied input. Successful exploitation will grant an attacker access to a victim user's voicemail and to any 'wav/WAV' files currently on the affected system ...