Lucene search
MitreCVE-2012-3863HistoryJul 09, 2012 - 10:20 a.m.
CVE-2012-3863
2012-07-0910:20:44
CWE-399
mitre
web.nvd.nist.gov
42
4
asterisk
open source
sip
rtp
vulnerability
cve-2012-3863
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
AI Score
6.1
Confidence
Low
EPSS
0.01
Percentile
84.0%
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses.
Affected configurations
Node
digiumasterisk_business_editionMatchc.3.1
ORdigiumasterisk_business_editionMatchc.3.3
ORdigiumasterisk_business_editionMatchc.3.7.4
Node
digiumasteriskMatch1.8.0
ORdigiumasteriskMatch1.8.0beta1
ORdigiumasteriskMatch1.8.0beta2
ORdigiumasteriskMatch1.8.0beta3
ORdigiumasteriskMatch1.8.0beta4
ORdigiumasteriskMatch1.8.0beta5
ORdigiumasteriskMatch1.8.0rc2
ORdigiumasteriskMatch1.8.0rc3
ORdigiumasteriskMatch1.8.0rc4
ORdigiumasteriskMatch1.8.0rc5
ORdigiumasteriskMatch1.8.1
ORdigiumasteriskMatch1.8.1rc1
ORdigiumasteriskMatch1.8.1.1
ORdigiumasteriskMatch1.8.1.2
ORdigiumasteriskMatch1.8.2
ORdigiumasteriskMatch1.8.2.1
ORdigiumasteriskMatch1.8.2.2
ORdigiumasteriskMatch1.8.2.3
ORdigiumasteriskMatch1.8.2.4
ORdigiumasteriskMatch1.8.3
ORdigiumasteriskMatch1.8.3rc1
ORdigiumasteriskMatch1.8.3rc2
ORdigiumasteriskMatch1.8.3rc3
ORdigiumasteriskMatch1.8.3.1
ORdigiumasteriskMatch1.8.3.2
ORdigiumasteriskMatch1.8.3.3
ORdigiumasteriskMatch1.8.4
ORdigiumasteriskMatch1.8.4rc1
ORdigiumasteriskMatch1.8.4rc2
ORdigiumasteriskMatch1.8.4rc3
ORdigiumasteriskMatch1.8.4.1
ORdigiumasteriskMatch1.8.4.2
ORdigiumasteriskMatch1.8.4.3
ORdigiumasteriskMatch1.8.4.4
ORdigiumasteriskMatch1.8.5
ORdigiumasteriskMatch1.8.5rc1
ORdigiumasteriskMatch1.8.5.0
ORdigiumasteriskMatch1.8.6.0
ORdigiumasteriskMatch1.8.6.0rc1
ORdigiumasteriskMatch1.8.6.0rc2
ORdigiumasteriskMatch1.8.6.0rc3
ORdigiumasteriskMatch1.8.7.0
ORdigiumasteriskMatch1.8.7.0rc1
ORdigiumasteriskMatch1.8.7.0rc2
ORdigiumasteriskMatch1.8.7.1
ORdigiumasteriskMatch1.8.8.0
ORdigiumasteriskMatch1.8.8.0rc1
ORdigiumasteriskMatch1.8.8.0rc2
ORdigiumasteriskMatch1.8.8.0rc3
ORdigiumasteriskMatch1.8.8.0rc5
ORdigiumasteriskMatch1.8.8.1
ORdigiumasteriskMatch1.8.8.2
ORdigiumasteriskMatch1.8.9.0
ORdigiumasteriskMatch1.8.9.0rc1
ORdigiumasteriskMatch1.8.9.0rc2
ORdigiumasteriskMatch1.8.9.0rc3
ORdigiumasteriskMatch1.8.9.2
ORdigiumasteriskMatch1.8.9.3
ORdigiumasteriskMatch1.8.11.0
ORdigiumasteriskMatch1.8.11.0rc2
ORdigiumasteriskMatch1.8.11.0rc3
ORdigiumasteriskMatch1.8.11.1
ORdigiumasteriskMatch1.8.13.0
ORdigiumasteriskMatch1.8.13.0rc1
ORdigiumasteriskMatch1.8.13.0rc2
ORdigiumasteriskeMatch1.8.8.0rc4
ORdigiumasteriskeMatch1.8.9.1
ORdigiumcertified_asteriskMatch1.8.11cert
ORdigiumcertified_asteriskMatch1.8.11cert1
Node
digiumasteriskMatch10.0.0digiumphones
ORdigiumasteriskMatch10.0.0beta1digiumphones
ORdigiumasteriskMatch10.0.0beta2digiumphones
ORdigiumasteriskMatch10.0.0rc1digiumphones
ORdigiumasteriskMatch10.0.0rc2digiumphones
ORdigiumasteriskMatch10.0.0rc3digiumphones
ORdigiumasteriskMatch10.1.0digiumphones
ORdigiumasteriskMatch10.1.0rc1digiumphones
ORdigiumasteriskMatch10.1.0rc2digiumphones
ORdigiumasteriskMatch10.2.0digiumphones
ORdigiumasteriskMatch10.2.0rc1digiumphones
ORdigiumasteriskMatch10.2.0rc2digiumphones
ORdigiumasteriskMatch10.2.0rc3digiumphones
ORdigiumasteriskMatch10.2.0rc4digiumphones
ORdigiumasteriskMatch10.3.0digiumphones
ORdigiumasteriskMatch10.3.0rc2digiumphones
ORdigiumasteriskMatch10.3.0rc3digiumphones
ORdigiumasteriskMatch10.4.0digiumphones
ORdigiumasteriskMatch10.4.0rc1digiumphones
ORdigiumasteriskMatch10.4.0rc2digiumphones
ORdigiumasteriskMatch10.5.0digiumphones
ORdigiumasteriskMatch10.5.0rc1digiumphones
ORdigiumasteriskMatch10.5.0rc2digiumphones
ORdigiumasteriskMatch10.5.1digiumphones
Node
digiumasteriskMatch10.0.0
ORdigiumasteriskMatch10.0.0beta1
ORdigiumasteriskMatch10.0.0beta2
ORdigiumasteriskMatch10.0.0rc1
ORdigiumasteriskMatch10.0.0rc2
ORdigiumasteriskMatch10.0.0rc3
ORdigiumasteriskMatch10.0.1
ORdigiumasteriskMatch10.1.0
ORdigiumasteriskMatch10.1.0rc1
ORdigiumasteriskMatch10.1.0rc2
ORdigiumasteriskMatch10.1.1
ORdigiumasteriskMatch10.1.2
ORdigiumasteriskMatch10.1.3
ORdigiumasteriskMatch10.2.0
ORdigiumasteriskMatch10.2.0rc1
ORdigiumasteriskMatch10.2.0rc2
ORdigiumasteriskMatch10.2.0rc3
ORdigiumasteriskMatch10.2.0rc4
ORdigiumasteriskMatch10.2.1
ORdigiumasteriskMatch10.3.0
ORdigiumasteriskMatch10.3.0rc2
ORdigiumasteriskMatch10.3.0rc3
ORdigiumasteriskMatch10.3.1
ORdigiumasteriskMatch10.4.0
ORdigiumasteriskMatch10.4.0rc1
ORdigiumasteriskMatch10.4.0rc2
ORdigiumasteriskMatch10.4.0rc3
ORdigiumasteriskMatch10.4.1
ORdigiumasteriskMatch10.4.2
ORdigiumasteriskMatch10.5.0
ORdigiumasteriskMatch10.5.0rc1
ORdigiumasteriskMatch10.5.0rc2
ORdigiumasteriskMatch10.5.1
Node
digiumcertified_asteriskMatch1.8.11cert
ORdigiumcertified_asteriskMatch1.8.11cert1
ORdigiumcertified_asteriskMatch1.8.11cert2
ORdigiumcertified_asteriskMatch1.8.11cert3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| digium | asterisk_business_edition | c.3.1 | cpe:2.3:a:digium:asterisk_business_edition:c.3.1:*:*:*:*:*:*:* |
| digium | asterisk_business_edition | c.3.3 | cpe:2.3:a:digium:asterisk_business_edition:c.3.3:*:*:*:*:*:*:* |
| digium | asterisk_business_edition | c.3.7.4 | cpe:2.3:a:digium:asterisk_business_edition:c.3.7.4:*:*:*:*:*:*:* |
| digium | asterisk | 1.8.0 | cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:* |
| digium | asterisk | 1.8.0 | cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:* |
| digium | asterisk | 1.8.0 | cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:* |
| digium | asterisk | 1.8.0 | cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:* |
| digium | asterisk | 1.8.0 | cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:* |
| digium | asterisk | 1.8.0 | cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:* |
| digium | asterisk | 1.8.0 | cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:* |
References
Social References
More
Related
ubuntucve
ubuntucve
CVE-2012-3863
2012-07-09 00:00:00
nvd
nvd
CVE-2012-3863
2012-07-09 10:20:44
prion
prion
Cross site request forgery (csrf)
2012-07-09 10:20:00
cvelist
cvelist
CVE-2012-3863
2012-07-09 10:00:00
nessus
nessus
Asterisk Endpoint Provisional Response Parsing RTP Port Consumption Remote DoS (AST-2012-010)
2012-07-19 00:00:00
Fedora 17 : asterisk-10.5.2-1.fc17 (2012-10324)
2012-07-20 00:00:00
GLSA-201209-15 : Asterisk: Multiple vulnerabilities
2012-09-27 00:00:00
debiancve
debiancve
CVE-2012-3863
2012-07-09 10:20:44
openvas
openvas
Fedora Update for asterisk FEDORA-2012-10324
2012-08-30 00:00:00
Fedora Update for asterisk FEDORA-2012-10324
2012-08-30 00:00:00
Debian Security Advisory DSA 2550-1 (asterisk)
2012-09-23 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: asterisk-10.5.2-1.fc17
2012-07-20 01:57:54
debian
debian
[SECURITY] [DSA 2550-1] asterisk security update
2012-09-18 17:18:45
[SECURITY] [DSA 2550-2] asterisk regression update
2012-09-26 16:05:00
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2012-09-26 00:00:00
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
AI Score
6.1
Confidence
Low
EPSS
0.01
Percentile
84.0%
Related for CVE-2012-3863