Lucene search
RedhatCVELIST:CVE-2011-4597HistoryDec 15, 2011 - 2:00 a.m.
CVE-2011-4597
2011-12-1502:00:00
redhat
www.cve.org
The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.
References
archives.neohapsis.com/archives/bugtraq/2011-12/0151.html
downloads.asterisk.org/pub/security/AST-2011-013.html
lists.digium.com/pipermail/asterisk-dev/2011-November/052191.html
openwall.com/lists/oss-security/2011/12/09/3
openwall.com/lists/oss-security/2011/12/09/4
osvdb.org/77597
secunia.com/advisories/47273
www.debian.org/security/2011/dsa-2367
Related
cve
cve
CVE-2011-4597
2011-12-15 03:57:34
prion
prion
Code injection
2011-12-15 03:57:00
nvd
nvd
CVE-2011-4597
2011-12-15 03:57:34
securityvulns
securityvulns
Exploit for Asterisk Security Advisory AST-2011-013
2011-12-26 00:00:00
packetstorm
packetstorm
SIP Username Enumerator For Asterisk
2011-12-23 00:00:00
ubuntucve
ubuntucve
CVE-2011-4597
2011-12-15 00:00:00
debiancve
debiancve
CVE-2011-4597
2011-12-15 03:57:34
openvas
openvas
Debian: Security Advisory (DSA-2367-1)
2012-02-11 00:00:00
FreeBSD Ports: asterisk18
2012-02-13 00:00:00
Debian Security Advisory DSA 2367-1 (asterisk)
2012-02-11 00:00:00
nessus
nessus
Debian DSA-2367-1 : asterisk - several vulnerabilities
2012-01-12 00:00:00
Asterisk Multiple Vulnerabilities (AST-2011-013 / AST-2011-014)
2011-12-14 00:00:00
osv
osv
asterisk - several
2011-12-19 00:00:00
n0where
n0where
Node.js VoIP penetration testing frameworkย : Bluebox-ng
2017-11-14 16:01:19
freebsd
freebsd
asterisk -- Multiple Vulnerabilities
2011-12-08 00:00:00
debian
debian
[SECURITY] [DSA 2367-1] asterisk security update
2011-12-19 18:07:53
fedora
fedora
[SECURITY] Fedora 15 Update: asterisk-1.8.10.1-1.fc15
2012-03-31 03:10:13