CVE-2013-2686

Published: 01/04/2013 Updated: 01/04/2013
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

main/http.c in the HTTP server in Asterisk Open Source 1.8.x prior to 1.8.20.2, 10.x prior to 10.12.2, and 11.x prior to 11.2.2; Certified Asterisk 1.8.15 prior to 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones prior to 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote malicious users to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976.

Vulnerable Product

asterisk open source 1.8.0

asterisk open source 1.8.3

asterisk open source 1.8.6.0

asterisk open source 1.8.8.2

asterisk open source 1.8.9.0

asterisk open source 1.8.11.1

asterisk open source 1.8.12.0

asterisk open source 1.8.15.1

asterisk open source 1.8.16.0

asterisk open source 1.8.20.0

asterisk open source 1.8.20.1

asterisk open source 1.8.1.1

asterisk open source 1.8.1.2

asterisk open source 1.8.2

asterisk open source 1.8.4

asterisk open source 1.8.4.1

asterisk open source 1.8.4.2

asterisk open source 1.8.7.2

asterisk open source 1.8.8.0

asterisk open source 1.8.10.0

asterisk open source 1.8.13.0

asterisk open source 1.8.13.1

asterisk open source 1.8.14.0

asterisk open source 1.8.18.0

asterisk open source 1.8.18.1

asterisk open source 1.8.19.0

asterisk open source 1.8.1

asterisk open source 1.8.2.1

asterisk open source 1.8.2.3

asterisk open source 1.8.3.2

asterisk open source 1.8.4.4

asterisk open source 1.8.5.0

asterisk open source 1.8.7.0

asterisk open source 1.8.8.1

asterisk open source 1.8.9.2

asterisk open source 1.8.10.1

asterisk open source 1.8.11.0

asterisk open source 1.8.12.1

asterisk open source 1.8.14.1

asterisk open source 1.8.15.0

asterisk open source 1.8.17.0

asterisk open source 1.8.2.2

asterisk open source 1.8.2.4

asterisk open source 1.8.3.1

asterisk open source 1.8.3.3

asterisk open source 1.8.4.3

asterisk open source 1.8.5

asterisk open source 1.8.7.1

asterisk open source 1.8.9.1

asterisk open source 1.8.9.3

asterisk open source 1.8.12

asterisk open source 1.8.12.2

asterisk open source 1.8.19.1

asterisk open source 10.0.0

asterisk open source 10.2.0

asterisk open source 10.5.0

asterisk open source 10.5.1

asterisk open source 10.5.2

asterisk open source 10.9.0

asterisk open source 10.10.0

asterisk open source 10.0.1

asterisk open source 10.1.0

asterisk open source 10.3.1

asterisk open source 10.4.0

asterisk open source 10.7.0

asterisk open source 10.7.1

asterisk open source 10.8.0

asterisk open source 10.1.2

asterisk open source 10.2.1

asterisk open source 10.3.0

asterisk open source 10.4.1

asterisk open source 10.6.0

asterisk open source 10.11.0

asterisk open source 10.12.1

asterisk open source 10.1.1

asterisk open source 10.1.3

asterisk open source 10.4.2

asterisk open source 10.6.1

asterisk open source 10.10.1

asterisk open source 10.11.1

asterisk open source 10.12.0

asterisk open source 11.0.0

asterisk open source 11.0.1

asterisk open source 11.0.2

asterisk open source 11.1.0

asterisk open source 11.1.1

asterisk open source 11.2.1

asterisk open source 11.1.2

asterisk open source 11.2.0

asterisk certified asterisk 1.8.15

asterisk certified asterisk 1.8.15.0

asterisk digiumphones 10.8.0

asterisk digiumphones 10.7.0

asterisk digiumphones 10.3.0

asterisk digiumphones 10.2.0

asterisk digiumphones 10.12.0

asterisk digiumphones 10.10.0

asterisk digiumphones 10.6.0

asterisk digiumphones 10.4.0

asterisk digiumphones 10.1.0

asterisk digiumphones 10.0.0

asterisk digiumphones 10.12.1

asterisk digiumphones 10.9.0

asterisk digiumphones 10.11.0

asterisk digiumphones 10.5.0

Vendor Advisories

Debian Bug report logs - #704114 asterisk: asterisk security advisories: AST-2013-001 / AST-2013-002 / AST-2013-003 Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Source for asterisk is src:asterisk (PTS, buildd, popcon) Reported by: Salvatore Bonaccorso <car ...