CVE-2014-2286

Published: 18/04/2014 Updated: 21/04/2014
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

main/http.c in Asterisk Open Source 1.8.x prior to 1.8.26.1, 11.8.x prior to 11.8.1, and 12.1.x prior to 12.1.1, and Certified Asterisk 1.8.x prior to 1.8.15-cert5 and 11.6 prior to 11.6-cert2, allows remote malicious users to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.

Vulnerable Product

digium asterisk 12.1.0

digium asterisk 1.8.26.0

digium asterisk 1.8.25.0

digium asterisk 1.8.22.0

digium asterisk 1.8.21.0

digium asterisk 1.8.15.0

digium asterisk 1.8.14.1

digium asterisk 1.8.14.0

digium asterisk 1.8.0

digium asterisk 1.8.10.0

digium asterisk 1.8.10.1

digium asterisk 1.8.11.0

digium asterisk 1.8.15.1

digium asterisk 1.8.19.0

digium asterisk 1.8.19.1

digium asterisk 1.8.2

digium asterisk 1.8.2.1

digium asterisk 1.8.4

digium asterisk 1.8.4.1

digium asterisk 1.8.4.2

digium asterisk 1.8.8.0

fedoraproject fedora 19

digium asterisk 11.8.0

digium asterisk 1.8.24.0

digium asterisk 1.8.23.1

digium asterisk 1.8.23.0

digium asterisk 1.8.20.0

digium asterisk 1.8.11.1

digium asterisk 1.8.1

digium asterisk 1.8.1.1

digium asterisk 1.8.1.2

digium asterisk 1.8.12.0

digium asterisk 1.8.13.0

digium asterisk 1.8.17.0

digium asterisk 1.8.18.0

digium asterisk 1.8.3

digium asterisk 1.8.3.1

digium asterisk 1.8.5.0

digium asterisk 1.8.6.0

digium asterisk 1.8.9.0

digium asterisk 1.8.24.1

digium asterisk 1.8.20.2

digium asterisk 1.8.20.1

digium asterisk 1.8.12.2

digium asterisk 1.8.13.1

digium asterisk 1.8.16.0

digium asterisk 1.8.18.1

digium asterisk 1.8.2.2

digium asterisk 1.8.2.4

digium asterisk 1.8.3.2

digium asterisk 1.8.4.4

digium asterisk 1.8.5

digium asterisk 1.8.7.0

digium asterisk 1.8.7.1

digium asterisk 1.8.8.1

digium asterisk 1.8.9.2

fedoraproject fedora 20

digium asterisk 1.8.12.1

digium asterisk 1.8.12

digium asterisk 1.8.2.3

digium asterisk 1.8.3.3

digium asterisk 1.8.4.3

digium asterisk 1.8.8.2

digium asterisk 1.8.9.1

digium asterisk 1.8.9.3

digium certified asterisk 11.6

digium certified asterisk 1.8.14.0

digium certified asterisk 1.8.13.0

digium certified asterisk 1.8.9.0

digium certified asterisk 1.8.15

digium certified asterisk 1.8.11.0

digium certified asterisk 1.8.10.0

digium certified asterisk 1.8.8.0

digium certified asterisk 1.8.7.0

digium certified asterisk 1.8.3.0

digium certified asterisk 11.6.0

digium certified asterisk 1.8.12.0

digium certified asterisk 1.8.6.0

digium certified asterisk 1.8.4.0

digium certified asterisk 1.8.1.0

digium certified asterisk 1.8.0.0

digium certified asterisk 1.8.2.0

digium certified asterisk 1.8.5.0

Vendor Advisories

Debian Bug report logs - #741313
asterisk: CVE-2014-2286 CVE-2014-2287
Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Source for asterisk is src:asterisk
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Tue, 11 Mar 2014 05:54: ...