Lucene search

K
nvd[email protected]NVD:CVE-2007-5469
HistoryOct 16, 2007 - 12:17 a.m.

CVE-2007-5469

2007-10-1600:17:00
CWE-264
web.nvd.nist.gov
11

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

7

Confidence

Low

EPSS

0.01

Percentile

84.1%

OpenSER 1.2.2 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka “toll fraud and authentication forward attack”). NOTE: Debian disputes this issue, stating that "having the two URIs mismatch is allowed by the standard and happens in some setups for valid reasons.

Affected configurations

Nvd
Node
openseropenserMatch1.2.2
VendorProductVersionCPE
openseropenser1.2.2cpe:2.3:a:openser:openser:1.2.2:*:*:*:*:*:*:*

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

7

Confidence

Low

EPSS

0.01

Percentile

84.1%

Related for NVD:CVE-2007-5469