Asterisk 15.x < 15.2.2 Denial of Service Vulnerability (AST-2018-006)

According to its SIP banner, the version of Asterisk running on the remote host is 15.x prior to 15.2.2. It is therefore, affected by a denial of service vulnerability as described in AST-2018-006 advisory. Note that Nessus has not tested for these issues but has instead relied only on the...

CVE-2018-7287

An issue was discovered in reshttpwebsocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled default is disabled, WebSocket payloads of size 0 are mishandled with a busy loop...