Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv2

CVE-2008-3263

Published: 22/07/2008 Updated: 11/10/2018
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 785
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Asterisk

Vulnerability Summary

The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x prior to 1.2.30, and 1.4.x prior to 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x prior to 1.2.0.1 allows remote malicious users to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

asterisk asterisk 0.1.2

asterisk asterisk 0.1.0

asterisk asterisk 0.1.4

asterisk asterisk 0.1.5

asterisk asterisk 0.3

asterisk asterisk 0.4

asterisk asterisk 1.0.10

asterisk asterisk 1.0.11

asterisk asterisk 1.0.6

asterisk asterisk 1.0.7

asterisk asterisk 1.2.10

asterisk asterisk 1.2.11

asterisk asterisk 1.2.19

asterisk asterisk 1.2.2

asterisk asterisk 1.2.26

asterisk asterisk 1.2.26.1

asterisk asterisk 1.2.30

asterisk asterisk 1.2.4

asterisk asterisk 0.1.1

asterisk asterisk 0.1.10

asterisk asterisk 0.1.6

asterisk asterisk 0.1.7

asterisk asterisk 0.5.0

asterisk asterisk 0.7.0

asterisk asterisk 1.0.11.1

asterisk asterisk 1.0.12

asterisk asterisk 1.0.8

asterisk asterisk 1.0.9

asterisk asterisk 1.2.12

asterisk asterisk 1.2.13

asterisk asterisk 1.2.20

asterisk asterisk 1.2.21

asterisk asterisk 1.2.26.2

asterisk asterisk 1.2.27

asterisk asterisk 1.2.5

asterisk asterisk 1.2.6

asterisk asterisk 1.2.7

asterisk asterisk 1.4.11

asterisk asterisk 1.4.12

asterisk asterisk 1.4.17

asterisk asterisk 1.4.18

asterisk asterisk 1.4.5

asterisk asterisk 1.4.6

asterisk asterisk 1.4.7

asterisk asterisk a

asterisk asterisk b.1.3.2

asterisk asterisk 0.1.3

asterisk asterisk 0.1.9_1

asterisk asterisk 0.2

asterisk asterisk 0.9.0

asterisk asterisk 1.0

asterisk asterisk 1.0.1

asterisk asterisk 1.0.4

asterisk asterisk 1.0.5

asterisk asterisk 1.2.0_beta2

asterisk asterisk 1.2.1

asterisk asterisk 1.2.17

asterisk asterisk 1.2.18

asterisk asterisk 1.2.24

asterisk asterisk 1.2.25

asterisk asterisk 1.2.29

asterisk asterisk 1.2.3

asterisk asterisk 1.2.9

asterisk asterisk 1.2.9.1

asterisk asterisk 1.4.15

asterisk asterisk 1.4.16

asterisk asterisk 1.4.2

asterisk asterisk 1.4.3

asterisk asterisk 1.4_beta

asterisk asterisk 1.4_revision_95946

asterisk asterisk b.1.3.3

asterisk asterisk b.2.2.0

asterisk asterisk 1.4.1

asterisk asterisk 1.4.10

asterisk asterisk 1.4.16.1

asterisk asterisk 1.4.16.2

asterisk asterisk 1.4.4

asterisk asterisk 1.4.4_2007-04-27

asterisk asterisk 1.6

asterisk asterisk 0.1.11

asterisk asterisk 0.1.12

asterisk asterisk 0.1.8

asterisk asterisk 0.1.9

asterisk asterisk 0.7.1

asterisk asterisk 0.7.2

asterisk asterisk 1.0.2

asterisk asterisk 1.0.3

asterisk asterisk 1.2.0_beta1

asterisk asterisk 1.2.14

asterisk asterisk 1.2.15

asterisk asterisk 1.2.16

asterisk asterisk 1.2.22

asterisk asterisk 1.2.23

asterisk asterisk 1.2.28

asterisk asterisk 1.2.28.1

asterisk asterisk 1.2.7.1

asterisk asterisk 1.2.8

asterisk asterisk 1.4.13

asterisk asterisk 1.4.14

asterisk asterisk 1.4.18.1

asterisk asterisk 1.4.19

asterisk asterisk 1.4.8

asterisk asterisk 1.4.9

Exploits

Exploit DB: Asterisk 1.6 IAX - 'POKE' Requests Remote Denial of Service
source: wwwsecurityfocuscom/bid/30321/info Asterisk is prone to a remote denial-of-service vulnerability because it fails to handle multiple 'POKE' requests in quick succession Attackers can exploit this issue by sending a persistent stream of 'POKE' requests that will consume processor resources and deny service to legitimate users N ...

References

CWE-399http://downloads.securityfocus.com/vulnerabilities/exploits/30321.plhttp://www.securityfocus.com/bid/30321http://secunia.com/advisories/31194http://downloads.digium.com/pub/security/AST-2008-010.htmlhttp://secunia.com/advisories/31178https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.htmlhttp://www.securitytracker.com/id?1020535http://security.gentoo.org/glsa/glsa-200905-01.xmlhttp://secunia.com/advisories/34982http://www.vupen.com/english/advisories/2008/2168/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/43942http://www.securityfocus.com/archive/1/494675/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/32095/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook