Lucene search
HistoryMar 22, 2007 - 11:19 p.m.
CVE-2007-1595
asterisk
extension language
ael
pbx_ael.c
nvd
cve-2007-1595
security vulnerability
7.4 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.03 Low
EPSS
Percentile
91.0%
The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form.
| CPE | Name | Operator | Version |
|---|---|---|---|
| asterisk:asterisk | asterisk | eq | 1.2.13 |
References
Social References
More
Related
debiancve
debiancve
CVE-2007-1595
2007-03-22 23:19:00
prion
prion
Code injection
2007-03-22 23:19:00
ubuntucve
ubuntucve
CVE-2007-1595
2007-03-22 00:00:00
cvelist
cvelist
CVE-2007-1595
2007-03-22 23:00:00
securityvulns
securityvulns
Asterisk PBX SIP DoS
2007-03-22 00:00:00
nessus
nessus
openSUSE 10 Security Update : asterisk (asterisk-3543)
2007-10-17 00:00:00
suse
suse
remote denial of service in asterisk
2007-06-06 17:11:13
openvas
openvas
SuSE Update for asterisk SUSE-SA:2007:034
2009-01-28 00:00:00
7.4 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.03 Low
EPSS
Percentile
91.0%
Related for CVE-2007-1595