NVD: CVE-2009-3727
History: Nov 10, 2009 - 6:30 p.m.

CVE-2009-3727

2009-11-10 18:30:00
CWE-200
web.nvd.nist.gov

CVSS2: 5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score: 6.4
Confidence: Low

EPSS: 0.013
Percentile: 85.9%

Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header.

Affected configurations

NVD
Node
digium asterisk, Match (any of):
1.2.0, 1.2.0beta1, 1.2.0beta2, 1.2.0rc1, 1.2.0rc2, 1.2.1, 1.2.2, 1.2.2netsec, 1.2.3, 1.2.3netsec, 1.2.10, 1.2.10netsec, 1.2.11, 1.2.11netsec, 1.2.12, 1.2.12netsec, 1.2.12.1, 1.2.12.1netsec, 1.2.13, 1.2.13netsec, 1.2.14, 1.2.15, 1.2.15netsec, 1.2.16, 1.2.16netsec, 1.2.17, 1.2.17netsec, 1.2.18, 1.2.18netsec, 1.2.19, 1.2.19netsec, 1.2.20, 1.2.20netsec, 1.2.21, 1.2.21netsec, 1.2.21.1, 1.2.21.1netsec, 1.2.22, 1.2.22netsec, 1.2.23, 1.2.23netsec, 1.2.24, 1.2.24netsec, 1.2.25, 1.2.25netsec, 1.2.26, 1.2.26netsec, 1.2.26.1, 1.2.26.1netsec, 1.2.26.2, 1.2.26.2netsec, 1.2.27, 1.2.28, 1.2.28.1, 1.2.29, 1.2.30, 1.2.30.1, 1.2.30.2, 1.2.30.3, 1.2.30.4, 1.2.31, 1.2.31.1, 1.2.32, 1.2.33, 1.2.34
1.4.0, 1.4.0beta1, 1.4.0beta2, 1.4.0beta3, 1.4.0beta4, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.7.1, 1.4.8, 1.4.9, 1.4.10, 1.4.10.1, 1.4.11, 1.4.12, 1.4.12.1, 1.4.13, 1.4.14, 1.4.15, 1.4.16, 1.4.16.1, 1.4.16.2, 1.4.17, 1.4.18, 1.4.19, 1.4.19rc1, 1.4.19rc2, 1.4.19rc3, 1.4.19rc4, 1.4.19.1, 1.4.19.2, 1.4.20, 1.4.20rc1, 1.4.20rc2, 1.4.20rc3, 1.4.20.1, 1.4.21, 1.4.21rc1, 1.4.21rc2, 1.4.21.1, 1.4.21.2, 1.4.22, 1.4.22rc1, 1.4.22rc2, 1.4.22rc3, 1.4.22rc4, 1.4.22rc5, 1.4.22.1, 1.4.22.2, 1.4.23, 1.4.23rc1, 1.4.23rc2, 1.4.23rc3, 1.4.23rc4, 1.4.23.1, 1.4.23.2, 1.4.24, 1.4.24rc1, 1.4.24.1, 1.4.25, 1.4.25rc1, 1.4.25.1, 1.4.26, 1.4.26rc1, 1.4.26rc2, 1.4.26rc3, 1.4.26rc4, 1.4.26rc5, 1.4.26rc6, 1.4.26.1, 1.4.26.2
1.6.0, 1.6.0beta1, 1.6.0beta2, 1.6.0beta3, 1.6.0beta4, 1.6.0beta5, 1.6.0beta6, 1.6.0beta7, 1.6.0beta7.1, 1.6.0beta8, 1.6.0beta9, 1.6.0rc4, 1.6.0rc5, 1.6.0rc6, 1.6.0.1, 1.6.0.2, 1.6.0.3, 1.6.0.3rc1, 1.6.0.4rc1, 1.6.0.5, 1.6.0.6, 1.6.0.7, 1.6.0.8, 1.6.0.9, 1.6.0.10, 1.6.0.11, 1.6.0.11rc1, 1.6.0.11rc2, 1.6.0.14, 1.6.0.14rc1, 1.6.0.15, 1.6.0.16, 1.6.0.16rc1, 1.6.0.16rc2
1.6.1.0, 1.6.1.0rc2, 1.6.1.0rc3, 1.6.1.0rc4, 1.6.1.0rc5, 1.6.1.1, 1.6.1.2, 1.6.1.3rc1, 1.6.1.4, 1.6.1.5, 1.6.1.5rc1, 1.6.1.6, 1.6.1.7rc1, 1.6.1.7rc2, 1.6.1.8, 1.6.1.10rc1, 1.6.1.10rc2
Node
digium asterisknow, Match:
1.5
Node
digium s800i, Match (any of):
1.3.0, 1.3.0.2, 1.3.0.3, 1.3.0.4
Node
digium asterisk, Match (any of):
a-business, b-business, b.1.3.2-business, b.1.3.3-business, b.2.2.0-business, b.2.2.1-business, b.2.3.1-business, b.2.3.2-business, b.2.3.3-business, b.2.3.4-business, b.2.3.5-business, b.2.3.6-business, b.2.5.0-business, b.2.5.1-business, b.2.5.2-business, b.2.5.3-business, c-business, c.2.3-business, c.3.0-business
