Published: 22/02/2018 Updated: 03/10/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

An issue exists in res_http_websocket.c in Asterisk 15.x up to and including 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).

Vulnerable Product	Search on Vulmon	Subscribe to Product
digium asterisk 15.0.0
digium asterisk 15.1.0
digium asterisk 15.2.0
digium asterisk 15.2.1
digium asterisk 15.1.2
digium asterisk 15.1.4
digium asterisk 15.1.1
digium asterisk 15.1.3
digium asterisk 15.1.5

Debian Bug report logs - #891227 asterisk: CVE-2018-7284: AST-2018-004: Crash when receiving SUBSCRIBE request Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 23 Feb 2018 15:09:02 UTC ...

CWE-754 https://issues.asterisk.org/jira/browse/ASTERISK-27658 http://downloads.digium.com/pub/security/AST-2018-006.html http://www.securitytracker.com/id/1040419 http://www.securityfocus.com/bid/103120 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891227

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-7287

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect