Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2012-1184
HistorySep 18, 2012 - 6:55 p.m.

CVE-2012-1184

2012-09-1818:55:04
CWE-119
[email protected]
web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.969 High

EPSS

Percentile

99.7%

JSON

Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header.

Affected configurations

NVD
Node
digiumasteriskMatch1.8.0
OR
digiumasteriskMatch1.8.0beta1
OR
digiumasteriskMatch1.8.0beta2
OR
digiumasteriskMatch1.8.0beta3
OR
digiumasteriskMatch1.8.0beta4
OR
digiumasteriskMatch1.8.0beta5
OR
digiumasteriskMatch1.8.0rc2
OR
digiumasteriskMatch1.8.0rc3
OR
digiumasteriskMatch1.8.0rc4
OR
digiumasteriskMatch1.8.0rc5
OR
digiumasteriskMatch1.8.1.1
OR
digiumasteriskMatch1.8.1.2
OR
digiumasteriskMatch1.8.2
OR
digiumasteriskMatch1.8.2.1
OR
digiumasteriskMatch1.8.2.2
OR
digiumasteriskMatch1.8.2.3
OR
digiumasteriskMatch1.8.2.4
OR
digiumasteriskMatch1.8.3
OR
digiumasteriskMatch1.8.3rc1
OR
digiumasteriskMatch1.8.3rc2
OR
digiumasteriskMatch1.8.3rc3
OR
digiumasteriskMatch1.8.3.1
OR
digiumasteriskMatch1.8.3.2
OR
digiumasteriskMatch1.8.3.3
OR
digiumasteriskMatch1.8.4
OR
digiumasteriskMatch1.8.4rc1
OR
digiumasteriskMatch1.8.4rc2
OR
digiumasteriskMatch1.8.4rc3
OR
digiumasteriskMatch1.8.4.1
OR
digiumasteriskMatch1.8.4.2
OR
digiumasteriskMatch1.8.4.3
OR
digiumasteriskMatch1.8.4.4
OR
digiumasteriskMatch1.8.5
OR
digiumasteriskMatch1.8.5rc1
OR
digiumasteriskMatch1.8.5.0
OR
digiumasteriskMatch1.8.6.0
OR
digiumasteriskMatch1.8.6.0rc1
OR
digiumasteriskMatch1.8.6.0rc2
OR
digiumasteriskMatch1.8.6.0rc3
OR
digiumasteriskMatch1.8.7.0
OR
digiumasteriskMatch1.8.7.0rc1
OR
digiumasteriskMatch1.8.7.0rc2
OR
digiumasteriskMatch1.8.7.1
OR
digiumasteriskMatch1.8.8.0
OR
digiumasteriskMatch1.8.8.0rc1
OR
digiumasteriskMatch1.8.8.0rc2
OR
digiumasteriskMatch1.8.8.0rc3
OR
digiumasteriskMatch1.8.8.0rc4
OR
digiumasteriskMatch1.8.8.0rc5
OR
digiumasteriskMatch1.8.8.1
OR
digiumasteriskMatch1.8.8.2
OR
digiumasteriskMatch1.8.9.0
OR
digiumasteriskMatch1.8.9.0rc1
OR
digiumasteriskMatch1.8.9.0rc2
OR
digiumasteriskMatch1.8.9.0rc3
OR
digiumasteriskMatch1.8.9.1
OR
digiumasteriskMatch1.8.9.2
OR
digiumasteriskMatch1.8.9.3
OR
digiumasteriskMatch1.8.10.0
OR
digiumasteriskMatch1.8.10.0rc1
OR
digiumasteriskMatch1.8.10.0rc2
OR
digiumasteriskMatch1.8.10.0rc3
OR
digiumasteriskMatch1.8.10.0rc4
Node
digiumasteriskMatch10.0.0
OR
digiumasteriskMatch10.0.0beta1
OR
digiumasteriskMatch10.0.0beta2
OR
digiumasteriskMatch10.0.0rc1
OR
digiumasteriskMatch10.0.0rc2
OR
digiumasteriskMatch10.0.0rc3
OR
digiumasteriskMatch10.0.1
OR
digiumasteriskMatch10.1.0
OR
digiumasteriskMatch10.1.0rc1
OR
digiumasteriskMatch10.1.0rc2
OR
digiumasteriskMatch10.1.1
OR
digiumasteriskMatch10.1.2
OR
digiumasteriskMatch10.1.3
OR
digiumasteriskMatch10.2.0
OR
digiumasteriskMatch10.2.0rc1
OR
digiumasteriskMatch10.2.0rc2
OR
digiumasteriskMatch10.2.0rc3
OR
digiumasteriskMatch10.2.0rc4

Related

cvelist 1
cve 1
debiancve 1
nessus 7
openvas 13
ubuntucve 1
prion 1
fedora 5
gentoo 1
cvelist
cvelist
CVE-2012-1184
2012-09-18 18:00:00
cve
cve
CVE-2012-1184
2012-09-18 18:55:04
debiancve
debiancve
CVE-2012-1184
2012-09-18 18:55:04
nessus
nessus
Asterisk ast_parse_digest Function HTTP Digest Authentication String Parsing Remote Overflow (AST-2012-003)
2012-03-22 00:00:00
Fedora 17 : asterisk-10.2.1-1.fc17 (2012-4230)
2012-04-12 00:00:00
Fedora 16 : asterisk-1.8.10.1-1.fc16 (2012-4318)
2012-04-02 00:00:00
openvas
openvas
Asterisk HTTP Manager Buffer Overflow Vulnerability
2012-04-23 00:00:00
Gentoo Security Advisory GLSA 201203-21 (Asterisk)
2012-04-30 00:00:00
Fedora Update for asterisk FEDORA-2012-4318
2012-04-02 00:00:00
ubuntucve
ubuntucve
CVE-2012-1184
2012-09-18 00:00:00
prion
prion
Stack overflow
2012-09-18 18:55:00
fedora
fedora
[SECURITY] Fedora 17 Update: asterisk-10.2.1-1.fc17
2012-04-12 02:04:28
[SECURITY] Fedora 16 Update: asterisk-1.8.10.1-1.fc16
2012-03-31 03:16:38
[SECURITY] Fedora 15 Update: asterisk-1.8.10.1-1.fc15
2012-03-31 03:10:13
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2012-03-28 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.969 High

EPSS

Percentile

99.7%

JSON
Related for NVD:CVE-2012-1184
cvelist1cve1debiancve1nessus7openvas13ubuntucve1prion1fedora5gentoo1