CVE-2008-3903

Published: 04/09/2008 Updated: 08/08/2017
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Vulnerability Summary

Asterisk Open Source 1.2.x prior to 1.2.32, 1.4.x prior to 1.4.24.1, and 1.6.0.x prior to 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x prior to 1.3.0.2; and Trixbox PBX 2.6.1, when Digest authentication and the sip.conf option alwaysauthreject are enabled, generate different responses depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames. The setting is meant to make rejections indistinguishable; the defect is that the responses still differed, so the oracle remained.
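The oracle described above, as an added example that is not Asterisk code and not from this page: a toy Digest-authenticating SIP registrar in Python with two modes, one that answers a REGISTER for an unknown peer differently from a real peer with a wrong password, and one that gives the same challenge and the same failure either way, plus the differential probe an attacker would run against it. The realm, peer table, passwords and the particular status codes that differ in the leaky mode are assumptions made for the model; the page does not say which responses Asterisk actually sent.

```python
"""Model of the SIP username-enumeration oracle and its fix.

Constructed example (not Asterisk code): a toy Digest registrar in two
modes, "leaky" and "fixed", plus the differential probe against it.
"""
import hashlib
import hmac
import secrets

REALM = "pbx.example"                          # assumed realm
PEERS = {"alice": "s3cret", "bob": "hunter2"}  # constructed peer table


def md5hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, password, nonce, method, uri):
    """RFC 2617 Digest without qop: MD5(HA1:nonce:HA2), as a SIP UA computes it."""
    ha1 = md5hex(f"{user}:{REALM}:{password}")
    ha2 = md5hex(f"{method}:{uri}")
    return md5hex(f"{ha1}:{nonce}:{ha2}")


class Registrar:
    """Handles REGISTER. leaky=True reproduces the oracle, leaky=False the fix."""

    def __init__(self, leaky):
        self.leaky = leaky
        self.nonces = {}

    def handle_register(self, user, auth=None):
        """Return (status, reason, nonce); nonce is set only on a 401 challenge."""
        known = user in PEERS
        if auth is None:
            if self.leaky and not known:
                # Modelled leak (assumption): unknown peers are refused before
                # any challenge, so the first response already reveals existence.
                return (404, "Not Found", None)
            nonce = secrets.token_hex(8)
            self.nonces[user] = nonce
            return (401, "Unauthorized", nonce)
        nonce = self.nonces.pop(user, None)
        if nonce is None or nonce != auth["nonce"]:
            return (401, "Unauthorized", None)  # stale or missing nonce
        # The fixed path verifies unknown users against a throwaway secret so the
        # control flow and the failure response are identical whether the peer exists.
        password = PEERS.get(user, secrets.token_hex(16))
        expected = digest_response(user, password, nonce, "REGISTER", auth["uri"])
        if hmac.compare_digest(expected, auth["response"]):
            return (200, "OK", None)
        return (403, "Forbidden", None)


def register(registrar, user, password):
    """Full REGISTER exchange as a client: take the challenge, answer with Digest."""
    uri = f"sip:{REALM}"
    status, reason, nonce = registrar.handle_register(user)
    if status != 401:
        return (status, reason)
    answer = {"nonce": nonce, "uri": uri,
              "response": digest_response(user, password, nonce, "REGISTER", uri)}
    status, reason, _ = registrar.handle_register(user, answer)
    return (status, reason)


def enumerate_users(registrar, candidates):
    """Differential oracle: any name whose failure differs from a surely-bogus one."""
    bogus = "nosuchuser-" + secrets.token_hex(4)
    baseline = register(registrar, bogus, "wrong-password")
    return sorted(u for u in candidates
                  if register(registrar, u, "wrong-password") != baseline)


if __name__ == "__main__":
    names = ["alice", "bob", "carol", "dave"]
    print("leaky:", enumerate_users(Registrar(leaky=True), names))
    print("fixed:", enumerate_users(Registrar(leaky=False), names))
```

The probe needs no password guessing: it only compares the server's reaction to a name that cannot exist with its reaction to each candidate, so any difference in status, reason phrase, headers or body is enough. The fixed registrar therefore challenges every name and runs the digest check against a dummy secret for unknown ones; response timing is a remaining side channel that this model does not address, and the CVSS vector's AC:M rating reflects that the attacker must drive this two-step exchange rather than read the answer from a single request.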

Vulnerable Products

Asterisk PBX 1.2
Asterisk PBX 1.2.22
Asterisk PBX 1.4.21.1
Asterisk PBX 1.6
Trixbox PBX 2.6.1

Vendor Advisories

Debian Bug #559103 - CVE-2009-4055: RTP Remote Crash Vulnerability (a separate Asterisk issue, not CVE-2008-3903). Package: asterisk; Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Source: src:asterisk. Reported by: Moritz Muehlenhoff <jmm@debian.org>. Date: Tue, 1 Dec 200 ...
Debian Bug #522528 - AST-2009-003: SIP responses expose valid usernames. Package: asterisk; Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Source: src:asterisk. Reported by: Tzafrir Cohen <tzafrir.cohen@xorcom.com>. Date: Sat, ...