CVE-2013-2264

Published: 01/04/2013 Updated: 01/04/2013
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The SIP channel driver in Asterisk Open Source 1.8.x prior to 1.8.20.2, 10.x prior to 10.12.2, and 11.x prior to 11.2.2; Certified Asterisk 1.8.15 prior to 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones prior to 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote malicious users to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur.

Vulnerable Product

asterisk open source 1.8.1

asterisk open source 1.8.1.1

asterisk open source 1.8.1.2

asterisk open source 1.8.2

asterisk open source 1.8.4

asterisk open source 1.8.7.1

asterisk open source 1.8.7.2

asterisk open source 1.8.8.0

asterisk open source 1.8.9.3

asterisk open source 1.8.10.0

asterisk open source 1.8.13.0

asterisk open source 1.8.13.1

asterisk open source 1.8.17.0

asterisk open source 1.8.18.0

asterisk open source 1.8.18.1

asterisk open source 1.8.0

asterisk open source 1.8.2.4

asterisk open source 1.8.3

asterisk open source 1.8.5

asterisk open source 1.8.5.0

asterisk open source 1.8.6.0

asterisk open source 1.8.8.1

asterisk open source 1.8.8.2

asterisk open source 1.8.9.0

asterisk open source 1.8.11.0

asterisk open source 1.8.11.1

asterisk open source 1.8.12.0

asterisk open source 1.8.15.0

asterisk open source 1.8.15.1

asterisk open source 1.8.16.0

asterisk open source 1.8.20.0

asterisk open source 1.8.20.1

asterisk open source 1.8.2.1

asterisk open source 1.8.2.3

asterisk open source 1.8.3.2

asterisk open source 1.8.4.2

asterisk open source 1.8.4.4

asterisk open source 1.8.7.0

asterisk open source 1.8.9.2

asterisk open source 1.8.10.1

asterisk open source 1.8.12.1

asterisk open source 1.8.14.0

asterisk open source 1.8.14.1

asterisk open source 1.8.19.0

asterisk open source 1.8.2.2

asterisk open source 1.8.3.1

asterisk open source 1.8.3.3

asterisk open source 1.8.4.1

asterisk open source 1.8.4.3

asterisk open source 1.8.9.1

asterisk open source 1.8.12

asterisk open source 1.8.12.2

asterisk open source 1.8.19.1

asterisk open source 10.0.0

asterisk open source 10.0.1

asterisk open source 10.1.0

asterisk open source 10.3.0

asterisk open source 10.3.1

asterisk open source 10.4.0

asterisk open source 10.6.1

asterisk open source 10.7.0

asterisk open source 10.7.1

asterisk open source 10.11.0

asterisk open source 10.11.1

asterisk open source 10.12.0

asterisk open source 10.1.3

asterisk open source 10.2.0

asterisk open source 10.5.0

asterisk open source 10.5.1

asterisk open source 10.9.0

asterisk open source 10.10.0

asterisk open source 10.1.2

asterisk open source 10.2.1

asterisk open source 10.4.1

asterisk open source 10.6.0

asterisk open source 10.8.0

asterisk open source 10.12.1

asterisk open source 10.1.1

asterisk open source 10.4.2

asterisk open source 10.5.2

asterisk open source 10.10.1

asterisk open source 11.1.0

asterisk open source 11.1.1

asterisk open source 11.1.2

asterisk open source 11.2.0

asterisk open source 11.0.0

asterisk open source 11.0.1

asterisk open source 11.0.2

asterisk open source 11.2.1

asterisk certified asterisk 1.8.15

asterisk certified asterisk 1.8.15.0

asterisk business edition c.3.2.2

asterisk business edition c.3.3

asterisk business edition c.3.3.2

asterisk digiumphones 10.12.1

asterisk digiumphones 10.12.0

asterisk digiumphones 10.7.0

asterisk digiumphones 10.6.0

asterisk digiumphones 10.2.0

asterisk digiumphones 10.1.0

asterisk digiumphones 10.11.0

asterisk digiumphones 10.10.0

asterisk digiumphones 10.4.0

asterisk digiumphones 10.0.0

asterisk digiumphones 10.9.0

asterisk digiumphones 10.8.0

asterisk digiumphones 10.5.0

asterisk digiumphones 10.3.0

Vendor Advisories

Debian Bug report logs - #704114 asterisk: asterisk security advisories: AST-2013-001 / AST-2013-002 / AST-2013-003 Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Source for asterisk is src:asterisk Reported by: Salvatore Bonaccorso <car ...