Lucene search
RedhatCVELIST:CVE-2009-3727HistoryNov 10, 2009 - 6:00 p.m.
CVE-2009-3727
2009-11-1018:00:00
redhat
raw.githubusercontent.com
1
Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header.
Related
ubuntucve
ubuntucve
CVE-2009-3727
2009-11-10 00:00:00
debiancve
debiancve
CVE-2009-3727
2009-11-10 18:30:00
openvas
openvas
Asterisk SIP Response Username Enumeration Remote Information Disclosure Vulnerability (AST-2009-008)
2009-11-10 00:00:00
Gentoo Security Advisory GLSA 201006-20 (asterisk)
2011-03-09 00:00:00
Gentoo Security Advisory GLSA 201006-20 (asterisk)
2011-03-09 00:00:00
prion
prion
Authorization
2009-11-10 18:30:00
cve
cve
CVE-2009-3727
2009-11-10 18:30:00
nessus
nessus
Fedora 10 : asterisk-1.6.0.17-2.fc10 (2009-11126)
2009-11-25 00:00:00
Fedora 11 : asterisk-1.6.1.9-1.fc11 (2009-11070)
2009-11-25 00:00:00
GLSA-201006-20 : Asterisk: Multiple vulnerabilities
2010-06-04 00:00:00
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2010-06-04 00:00:00
osv
osv
asterisk - several vulnerabilities
2009-12-15 00:00:00
debian
debian
[SECURITY] [DSA 1952-1] New asterisk packages fix several vulnerabilities
2009-12-15 13:06:53