The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x prior to 1.4.19-rc3 and 1.6.x prior to 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW prior to 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x prior to 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote malicious users to hijack a manager session via a series of ID guesses.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
asterisk asterisk 1.4.1 |
||
asterisk asterisk 1.4.16 |
||
asterisk asterisk 1.4.17 |
||
asterisk asterisk 1.4.8 |
||
asterisk asterisk 1.4.9 |
||
asterisk asterisk appliance developer kit 0.5 |
||
asterisk asterisk appliance developer kit 0.6 |
||
asterisk asterisknow beta_5 |
||
asterisk asterisknow beta_6 |
||
asterisk asterisk 1.4.10 |
||
asterisk asterisk 1.4.11 |
||
asterisk asterisk 1.4.18.1 |
||
asterisk asterisk 1.4.2 |
||
asterisk asterisk 1.4.3 |
||
asterisk asterisk 1.4_beta |
||
asterisk asterisk 1.4_revision_95946 |
||
asterisk asterisk appliance developer kit 0.7 |
||
asterisk asterisk appliance developer kit 0.8 |
||
asterisk asterisknow beta_7 |
||
asterisk s800i 1.0 |
||
asterisk s800i 1.0.1 |
||
asterisk asterisk 1.4.12 |
||
asterisk asterisk 1.4.13 |
||
asterisk asterisk 1.4.4 |
||
asterisk asterisk 1.4.5 |
||
asterisk asterisk 1.6 |
||
asterisk asterisk appliance developer kit 0.2 |
||
asterisk asterisk appliance developer kit 1.4 |
||
asterisk asterisk business edition c.1.0-beta7 |
||
asterisk s800i 1.0.2 |
||
asterisk s800i 1.0.3 |
||
asterisk asterisk 1.4.14 |
||
asterisk asterisk 1.4.15 |
||
asterisk asterisk 1.4.6 |
||
asterisk asterisk 1.4.7 |
||
asterisk asterisk appliance developer kit 0.3 |
||
asterisk asterisk appliance developer kit 0.4 |
||
asterisk asterisk business edition c.1.0-beta8 |
||
asterisk asterisknow 1.0 |
||
asterisk s800i 1.1.0 |
Vulmon