Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2015-3008
HistoryApr 10, 2015 - 3:00 p.m.

CVE-2015-3008

2015-04-1015:00:10
CWE-310
[email protected]
web.nvd.nist.gov
9

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.2

Confidence

High

EPSS

0.805

Percentile

98.4%

JSON

Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject’s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Affected configurations

Nvd
Node
digiumasteriskMatch1.8.0
OR
digiumasteriskMatch1.8.0beta1
OR
digiumasteriskMatch1.8.0beta2
OR
digiumasteriskMatch1.8.0beta3
OR
digiumasteriskMatch1.8.0beta4
OR
digiumasteriskMatch1.8.0beta5
OR
digiumasteriskMatch1.8.0rc2
OR
digiumasteriskMatch1.8.0rc3
OR
digiumasteriskMatch1.8.0rc4
OR
digiumasteriskMatch1.8.0rc5
OR
digiumasteriskMatch1.8.1
OR
digiumasteriskMatch1.8.1rc1
OR
digiumasteriskMatch1.8.1.1
OR
digiumasteriskMatch1.8.1.2
OR
digiumasteriskMatch1.8.2
OR
digiumasteriskMatch1.8.2.1
OR
digiumasteriskMatch1.8.2.2
OR
digiumasteriskMatch1.8.2.3
OR
digiumasteriskMatch1.8.2.4
OR
digiumasteriskMatch1.8.3
OR
digiumasteriskMatch1.8.3rc1
OR
digiumasteriskMatch1.8.3rc2
OR
digiumasteriskMatch1.8.3rc3
OR
digiumasteriskMatch1.8.3.1
OR
digiumasteriskMatch1.8.3.2
OR
digiumasteriskMatch1.8.3.3
OR
digiumasteriskMatch1.8.10.0
OR
digiumasteriskMatch1.8.10.0-
OR
digiumasteriskMatch1.8.10.0rc1
OR
digiumasteriskMatch1.8.10.0rc2
OR
digiumasteriskMatch1.8.10.0rc3
OR
digiumasteriskMatch1.8.10.0rc4
OR
digiumasteriskMatch1.8.10.1
OR
digiumasteriskMatch1.8.11.0
OR
digiumasteriskMatch1.8.11.0-
OR
digiumasteriskMatch1.8.11.0patch
OR
digiumasteriskMatch1.8.11.0rc2
OR
digiumasteriskMatch1.8.11.0rc3
OR
digiumasteriskMatch1.8.11.1
OR
digiumasteriskMatch1.8.11.1-
OR
digiumasteriskMatch1.8.11.1patch
OR
digiumasteriskMatch1.8.12
OR
digiumasteriskMatch1.8.12.0
OR
digiumasteriskMatch1.8.12.0-
OR
digiumasteriskMatch1.8.12.0rc1
OR
digiumasteriskMatch1.8.12.0rc2
OR
digiumasteriskMatch1.8.12.0rc3
OR
digiumasteriskMatch1.8.12.1
OR
digiumasteriskMatch1.8.12.2
OR
digiumasteriskMatch1.8.13.0
OR
digiumasteriskMatch1.8.13.0rc1
OR
digiumasteriskMatch1.8.13.0rc2
OR
digiumasteriskMatch1.8.13.1
OR
digiumasteriskMatch1.8.14.0-
OR
digiumasteriskMatch1.8.14.0patch
OR
digiumasteriskMatch1.8.14.0rc1
OR
digiumasteriskMatch1.8.14.0rc2
OR
digiumasteriskMatch1.8.14.1
OR
digiumasteriskMatch1.8.14.1-
OR
digiumasteriskMatch1.8.14.1patch
OR
digiumasteriskMatch1.8.15.0
OR
digiumasteriskMatch1.8.15.0-
OR
digiumasteriskMatch1.8.15.0rc1
OR
digiumasteriskMatch1.8.15.1
OR
digiumasteriskMatch1.8.16.0
OR
digiumasteriskMatch1.8.16.0-
OR
digiumasteriskMatch1.8.16.0rc1
OR
digiumasteriskMatch1.8.16.0rc2
OR
digiumasteriskMatch1.8.17.0
OR
digiumasteriskMatch1.8.17.0-
OR
digiumasteriskMatch1.8.17.0patch
OR
digiumasteriskMatch1.8.17.0rc1
OR
digiumasteriskMatch1.8.17.0rc2
OR
digiumasteriskMatch1.8.17.0rc3
OR
digiumasteriskMatch1.8.18.0
OR
digiumasteriskMatch1.8.18.0-
OR
digiumasteriskMatch1.8.18.0rc1
OR
digiumasteriskMatch1.8.18.1
OR
digiumasteriskMatch1.8.19.0
OR
digiumasteriskMatch1.8.19.0-
OR
digiumasteriskMatch1.8.19.0rc1
OR
digiumasteriskMatch1.8.19.0rc3
OR
digiumasteriskMatch1.8.19.1
OR
digiumasteriskMatch1.8.20.0-
OR
digiumasteriskMatch1.8.20.0patch
OR
digiumasteriskMatch1.8.20.0rc1
OR
digiumasteriskMatch1.8.20.0rc2
OR
digiumasteriskMatch1.8.20.1-
OR
digiumasteriskMatch1.8.20.1patch
OR
digiumasteriskMatch1.8.20.2-
OR
digiumasteriskMatch1.8.20.2patch
OR
digiumasteriskMatch1.8.21.0-
OR
digiumasteriskMatch1.8.21.0rc1
OR
digiumasteriskMatch1.8.21.0rc2
OR
digiumasteriskMatch1.8.22.0-
OR
digiumasteriskMatch1.8.22.0rc1
OR
digiumasteriskMatch1.8.22.0rc2
OR
digiumasteriskMatch1.8.23.0-
OR
digiumasteriskMatch1.8.23.0patch
OR
digiumasteriskMatch1.8.23.0rc1
OR
digiumasteriskMatch1.8.23.0rc2
OR
digiumasteriskMatch1.8.23.1
OR
digiumasteriskMatch1.8.24.0-
OR
digiumasteriskMatch1.8.24.0rc1
OR
digiumasteriskMatch1.8.24.0rc2
OR
digiumasteriskMatch1.8.24.1
OR
digiumasteriskMatch1.8.25.0-
OR
digiumasteriskMatch1.8.25.0rc1
OR
digiumasteriskMatch1.8.25.0rc2
OR
digiumasteriskMatch1.8.26.0-
OR
digiumasteriskMatch1.8.26.0rc1
OR
digiumasteriskMatch1.8.26.1
OR
digiumasteriskMatch1.8.27.0
OR
digiumasteriskMatch1.8.27.0rc1
OR
digiumasteriskMatch1.8.27.0rc2
OR
digiumasteriskMatch1.8.28.0
OR
digiumasteriskMatch1.8.28.0rc1
OR
digiumasteriskMatch1.8.28.1
OR
digiumasteriskMatch1.8.28.2
OR
digiumasteriskMatch1.8.32.0lts
OR
digiumasteriskMatch11.0.0
OR
digiumasteriskMatch11.0.0beta1
OR
digiumasteriskMatch11.0.0beta2
OR
digiumasteriskMatch11.0.0rc1
OR
digiumasteriskMatch11.0.0rc2
OR
digiumasteriskMatch11.0.1
OR
digiumasteriskMatch11.0.2
OR
digiumasteriskMatch11.1.0
OR
digiumasteriskMatch11.1.0rc1
OR
digiumasteriskMatch11.1.0rc2
OR
digiumasteriskMatch11.1.0rc3
OR
digiumasteriskMatch11.1.1
OR
digiumasteriskMatch11.1.2
OR
digiumasteriskMatch11.2.0rc1
OR
digiumasteriskMatch11.2.0rc2
OR
digiumasteriskMatch11.3.0rc1
OR
digiumasteriskMatch11.3.0rc2
OR
digiumasteriskMatch11.4.0
OR
digiumasteriskMatch11.4.0rc1
OR
digiumasteriskMatch11.4.0rc2
OR
digiumasteriskMatch11.4.0rc3
OR
digiumasteriskMatch11.4.0rc4
OR
digiumasteriskMatch11.5.0
OR
digiumasteriskMatch11.5.0rc1
OR
digiumasteriskMatch11.5.0rc2
OR
digiumasteriskMatch11.5.1
OR
digiumasteriskMatch11.6.0
OR
digiumasteriskMatch11.6.0rc1
OR
digiumasteriskMatch11.6.0rc2
OR
digiumasteriskMatch11.7.0
OR
digiumasteriskMatch11.7.0rc1
OR
digiumasteriskMatch11.7.0rc2
OR
digiumasteriskMatch11.8.0-
OR
digiumasteriskMatch11.8.0rc1
OR
digiumasteriskMatch11.8.0rc2
OR
digiumasteriskMatch11.8.0rc3
OR
digiumasteriskMatch11.8.1
OR
digiumasteriskMatch11.9.0
OR
digiumasteriskMatch11.9.0rc1
OR
digiumasteriskMatch11.9.0rc2
OR
digiumasteriskMatch11.9.0rc3
OR
digiumasteriskMatch11.10.0
OR
digiumasteriskMatch11.10.0rc1
OR
digiumasteriskMatch11.10.1
OR
digiumasteriskMatch11.10.1rc1
OR
digiumasteriskMatch11.11.0
OR
digiumasteriskMatch11.11.0rc1
OR
digiumasteriskMatch11.12.0
OR
digiumasteriskMatch11.12.0rc1
OR
digiumasteriskMatch11.13.0
OR
digiumasteriskMatch11.13.0rc1
OR
digiumasteriskMatch11.14.0lts
OR
digiumasteriskMatch11.14.0rc1
OR
digiumasteriskMatch11.14.0rc2
OR
digiumasteriskMatch11.15.0
OR
digiumasteriskMatch11.16.0
OR
digiumasteriskMatch11.17.0
OR
digiumasteriskMatch12.0.0
OR
digiumasteriskMatch12.1.0-
OR
digiumasteriskMatch12.1.0rc1
OR
digiumasteriskMatch12.1.0rc2
OR
digiumasteriskMatch12.1.0rc3
OR
digiumasteriskMatch12.1.1
OR
digiumasteriskMatch12.2.0
OR
digiumasteriskMatch12.2.0rc1
OR
digiumasteriskMatch12.2.0rc2
OR
digiumasteriskMatch12.2.0rc3
OR
digiumasteriskMatch12.3.0
OR
digiumasteriskMatch12.3.0rc1
OR
digiumasteriskMatch12.3.0rc2
OR
digiumasteriskMatch12.3.1
OR
digiumasteriskMatch12.3.2
OR
digiumasteriskMatch12.4.0
OR
digiumasteriskMatch12.4.0rc1
OR
digiumasteriskMatch12.5.0
OR
digiumasteriskMatch12.5.0rc1
OR
digiumasteriskMatch12.6.0
OR
digiumasteriskMatch12.6.0rc1
OR
digiumasteriskMatch12.7.0lts
OR
digiumasteriskMatch12.7.0standard
OR
digiumasteriskMatch12.7.0rc1
OR
digiumasteriskMatch12.7.0rc2
OR
digiumasteriskMatch12.7.1
OR
digiumasteriskMatch12.8.0
OR
digiumasteriskMatch12.8.0rc1
OR
digiumasteriskMatch12.8.0rc2
OR
digiumasteriskMatch12.8.1
OR
digiumasteriskMatch13.0.0lts
OR
digiumasteriskMatch13.0.1
OR
digiumasteriskMatch13.1.0
OR
digiumasteriskMatch13.1.0rc1
OR
digiumasteriskMatch13.1.0rc2
OR
digiumasteriskMatch13.2.0
OR
digiumasteriskMatch13.2.0rc1
OR
digiumasteriskMatch13.3.0
OR
digiumasteriskMatch13.3.1
OR
digiumcertified_asteriskMatch1.8.0.0-
OR
digiumcertified_asteriskMatch1.8.0.0beta1
OR
digiumcertified_asteriskMatch1.8.0.0beta2
OR
digiumcertified_asteriskMatch1.8.0.0beta3
OR
digiumcertified_asteriskMatch1.8.0.0beta4
OR
digiumcertified_asteriskMatch1.8.0.0beta5
OR
digiumcertified_asteriskMatch1.8.0.0rc1
OR
digiumcertified_asteriskMatch1.8.0.0rc2
OR
digiumcertified_asteriskMatch1.8.0.0rc3
OR
digiumcertified_asteriskMatch1.8.0.0rc4
OR
digiumcertified_asteriskMatch1.8.0.0rc5
OR
digiumcertified_asteriskMatch1.8.1.0-
OR
digiumcertified_asteriskMatch1.8.1.0rc1
OR
digiumcertified_asteriskMatch1.8.2.0-
OR
digiumcertified_asteriskMatch1.8.2.0rc1
OR
digiumcertified_asteriskMatch1.8.3.0-
OR
digiumcertified_asteriskMatch1.8.3.0rc1
OR
digiumcertified_asteriskMatch1.8.3.0rc2
OR
digiumcertified_asteriskMatch1.8.3.0rc3
OR
digiumcertified_asteriskMatch1.8.4.0-
OR
digiumcertified_asteriskMatch1.8.4.0rc1
OR
digiumcertified_asteriskMatch1.8.4.0rc2
OR
digiumcertified_asteriskMatch1.8.4.0rc3
OR
digiumcertified_asteriskMatch1.8.5.0-
OR
digiumcertified_asteriskMatch1.8.5.0rc1
OR
digiumcertified_asteriskMatch1.8.6.0-
OR
digiumcertified_asteriskMatch1.8.6.0rc1
OR
digiumcertified_asteriskMatch1.8.6.0rc2
OR
digiumcertified_asteriskMatch1.8.6.0rc3
OR
digiumcertified_asteriskMatch1.8.7.0-
OR
digiumcertified_asteriskMatch1.8.7.0rc1
OR
digiumcertified_asteriskMatch1.8.7.0rc2
OR
digiumcertified_asteriskMatch1.8.8.0-
OR
digiumcertified_asteriskMatch1.8.8.0rc1
OR
digiumcertified_asteriskMatch1.8.8.0rc2
OR
digiumcertified_asteriskMatch1.8.8.0rc3
OR
digiumcertified_asteriskMatch1.8.8.0rc4
OR
digiumcertified_asteriskMatch1.8.8.0rc5
OR
digiumcertified_asteriskMatch1.8.9.0-
OR
digiumcertified_asteriskMatch1.8.9.0rc1
OR
digiumcertified_asteriskMatch1.8.9.0rc2
OR
digiumcertified_asteriskMatch1.8.9.0rc3
OR
digiumcertified_asteriskMatch1.8.10.0-
OR
digiumcertified_asteriskMatch1.8.10.0rc1
OR
digiumcertified_asteriskMatch1.8.10.0rc2
OR
digiumcertified_asteriskMatch1.8.10.0rc3
OR
digiumcertified_asteriskMatch1.8.10.0rc4
OR
digiumcertified_asteriskMatch1.8.11cert
OR
digiumcertified_asteriskMatch1.8.11cert1
OR
digiumcertified_asteriskMatch1.8.11cert10
OR
digiumcertified_asteriskMatch1.8.11cert2
OR
digiumcertified_asteriskMatch1.8.11cert3
OR
digiumcertified_asteriskMatch1.8.11cert4
OR
digiumcertified_asteriskMatch1.8.11cert5
OR
digiumcertified_asteriskMatch1.8.11cert6
OR
digiumcertified_asteriskMatch1.8.11cert7
OR
digiumcertified_asteriskMatch1.8.11cert8
OR
digiumcertified_asteriskMatch1.8.11cert9
OR
digiumcertified_asteriskMatch1.8.11.0-
OR
digiumcertified_asteriskMatch1.8.11.0rc1
OR
digiumcertified_asteriskMatch1.8.11.0rc2
OR
digiumcertified_asteriskMatch1.8.11.0rc3
OR
digiumcertified_asteriskMatch1.8.12.0-
OR
digiumcertified_asteriskMatch1.8.12.0rc1
OR
digiumcertified_asteriskMatch1.8.12.0rc2
OR
digiumcertified_asteriskMatch1.8.12.0rc3
OR
digiumcertified_asteriskMatch1.8.13.0-
OR
digiumcertified_asteriskMatch1.8.13.0rc1
OR
digiumcertified_asteriskMatch1.8.13.0rc2
OR
digiumcertified_asteriskMatch1.8.14.0rc1
OR
digiumcertified_asteriskMatch1.8.14.0rc2
OR
digiumcertified_asteriskMatch1.8.15-
OR
digiumcertified_asteriskMatch1.8.15cert1
OR
digiumcertified_asteriskMatch1.8.15cert1_rc1
OR
digiumcertified_asteriskMatch1.8.15cert1_rc2
OR
digiumcertified_asteriskMatch1.8.15cert1_rc3
OR
digiumcertified_asteriskMatch1.8.15cert2
OR
digiumcertified_asteriskMatch1.8.15cert3
OR
digiumcertified_asteriskMatch1.8.15cert4
OR
digiumcertified_asteriskMatch1.8.15cert5
OR
digiumcertified_asteriskMatch1.8.15cert6
OR
digiumcertified_asteriskMatch1.8.28cert1lts
OR
digiumcertified_asteriskMatch1.8.28cert2lts
OR
digiumcertified_asteriskMatch1.8.28cert3lts
OR
digiumcertified_asteriskMatch1.8.28cert4lts
OR
digiumcertified_asteriskMatch1.8.28.0lts
OR
digiumcertified_asteriskMatch11.6cert1
OR
digiumcertified_asteriskMatch11.6cert1lts
OR
digiumcertified_asteriskMatch11.6cert1_rc1
OR
digiumcertified_asteriskMatch11.6cert1_rc2
OR
digiumcertified_asteriskMatch11.6cert10lts
OR
digiumcertified_asteriskMatch11.6cert2
OR
digiumcertified_asteriskMatch11.6cert2lts
OR
digiumcertified_asteriskMatch11.6cert3
OR
digiumcertified_asteriskMatch11.6cert3lts
OR
digiumcertified_asteriskMatch11.6cert4lts
OR
digiumcertified_asteriskMatch11.6cert5lts
OR
digiumcertified_asteriskMatch11.6cert6lts
OR
digiumcertified_asteriskMatch11.6cert7lts
OR
digiumcertified_asteriskMatch11.6cert8lts
OR
digiumcertified_asteriskMatch11.6cert9lts
OR
digiumcertified_asteriskMatch11.6.0lts
OR
digiumcertified_asteriskMatch11.6.0-
OR
digiumcertified_asteriskMatch11.6.0rc1
OR
digiumcertified_asteriskMatch11.6.0rc2
OR
digiumcertified_asteriskMatch13.1cert1
VendorProductVersionCPE
digiumasterisk1.8.0cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*
digiumasterisk1.8.0cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*
digiumasterisk1.8.0cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*
digiumasterisk1.8.0cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*
digiumasterisk1.8.0cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*
digiumasterisk1.8.0cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*
digiumasterisk1.8.0cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*
digiumasterisk1.8.0cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*
digiumasterisk1.8.0cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*
digiumasterisk1.8.0cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*
Rows per page:
1-10 of 3221

Related

ubuntucve 1
nessus 6
cve 1
freebsd 1
securityvulns 2
openvas 6
prion 1
debiancve 1
mageia 1
cvelist 1
checkpoint_advisories 1
fedora 1
debian 2
osv 1
ubuntucve
ubuntucve
CVE-2015-3008
2015-04-10 00:00:00
nessus
nessus
FreeBSD : asterisk -- TLS Certificate Common name NULL byte exploit (5fee3f02-de37-11e4-b7c3-001999f8d30b)
2015-04-09 00:00:00
Asterisk TLS Certificate Common Name NULL Byte Vulnerability (AST-2015-003)
2015-04-20 00:00:00
Fedora 22 : asterisk-13.3.2-1.fc22 (2015-5948)
2015-07-22 00:00:00
cve
cve
CVE-2015-3008
2015-04-10 15:00:10
freebsd
freebsd
asterisk -- TLS Certificate Common name NULL byte exploit
2015-04-04 00:00:00
securityvulns
securityvulns
Asterisk certificate validation bypass
2015-04-13 00:00:00
AST-2015-003: TLS Certificate Common name NULL byte exploit
2015-04-13 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0153)
2022-01-28 00:00:00
Asterisk TLS Certificate Common Name NULL Byte Vulnerability (AST-2015-003)
2016-08-08 00:00:00
Fedora Update for asterisk FEDORA-2015-5948
2015-07-22 00:00:00
prion
prion
Design/Logic Flaw
2015-04-10 15:00:00
debiancve
debiancve
CVE-2015-3008
2015-04-10 15:00:10
mageia
mageia
Updated asterisk packages fix CVE-2015-3008
2015-04-15 12:01:28
cvelist
cvelist
CVE-2015-3008
2015-04-10 14:00:00
checkpoint_advisories
checkpoint_advisories
Multiple Vendors TLS Certificate Common Name NULL Byte Input Validation Error (CVE-2015-3008; CVE-2015-3455)
2015-05-21 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: asterisk-13.3.2-1.fc22
2015-07-21 08:17:44
debian
debian
[SECURITY] [DSA 3700-1] asterisk security update
2016-10-25 20:48:34
[SECURITY] [DLA 455-1] asterisk security update
2016-05-03 20:31:18
osv
osv
asterisk - security update
2016-05-03 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.2

Confidence

High

EPSS

0.805

Percentile

98.4%

JSON
Related for NVD:CVE-2015-3008
ubuntucve1nessus6cve1freebsd1securityvulns2openvas6prion1debiancve1mageia1cvelist1checkpoint_advisories1fedora1debian2osv1