Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2008-0095

Published: 08/01/2008 Updated: 15/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Asterisk Appliance Developer Kit

Vulnerability Summary

The SIP channel driver in Asterisk Open Source 1.4.x prior to 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x prior to 1.0.3.4 allows remote malicious users to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.

Vulnerable Product Search on Vulmon Subscribe to Product

asterisk asterisk appliance developer kit

asterisk asterisk business edition

asterisk asterisknow

asterisk open source

asterisk s800i

Exploits

Exploit DB: Asterisk 1.x - BYE Message Remote Denial of Service
source: wwwsecurityfocuscom/bid/27110/info Asterisk is prone to a remote denial-of-service vulnerability Exploiting this issue allows remote attackers to cause the application to crash, effectively denying service to legitimate users BYE sip:303@100015 SIP/20 Via: SIP/20/UDP 1000100:7279;branch=z9hG4bK976ed70381c64bc6a5ec25b6 ...

References

CWE-399http://bugs.digium.com/view.php?id=11637http://downloads.digium.com/pub/security/AST-2008-001.htmlhttp://www.securityfocus.com/bid/27110http://www.securitytracker.com/id?1019152http://secunia.com/advisories/28312http://securityreason.com/securityalert/3520https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00167.htmlhttp://secunia.com/advisories/28299https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00166.htmlhttp://www.vupen.com/english/advisories/2008/0019https://exchange.xforce.ibmcloud.com/vulnerabilities/39361http://www.securityfocus.com/archive/1/485727/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/30974/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30051remoteCVE-2024-27954CVE-2023-51483CVE-2023-47782SSRFCVE-2024-24715CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook