CVE-2011-1507

2011-04-2700:55:00

CWE-399

[email protected]

web.nvd.nist.gov

asterisk

open source

cve-2011-1507

denial of service

vulnerability

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.111 Low

EPSS

Percentile

95.1%

JSON

Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections.

CPENameOperatorVersion
digium:asteriskdigium asteriskeq1.4.37
digium:asteriskdigium asteriskeq1.4.26.3
digium:asteriskdigium asteriskeq1.4.22
digium:asteriskdigium asteriskeq1.4.27
digium:asteriskdigium asteriskeq1.4.36
digium:asteriskdigium asteriskeq1.4.26
digium:asteriskdigium asteriskeq1.4.28
digium:asteriskdigium asteriskeq1.4.27.1
digium:asteriskdigium asteriskeq1.4.0
digium:asteriskdigium asteriskeq1.4.35

CPE	Name	Operator	Version
digium:asterisk	digium asterisk	eq	1.4.37
digium:asterisk	digium asterisk	eq	1.4.26.3
digium:asterisk	digium asterisk	eq	1.4.22
digium:asterisk	digium asterisk	eq	1.4.27
digium:asterisk	digium asterisk	eq	1.4.36
digium:asterisk	digium asterisk	eq	1.4.26
digium:asterisk	digium asterisk	eq	1.4.28
digium:asterisk	digium asterisk	eq	1.4.27.1
digium:asterisk	digium asterisk	eq	1.4.0
digium:asterisk	digium asterisk	eq	1.4.35