4 matches found
Asterisk PJSIP Information Disclosure (CVE-2018-12227)
An information disclosure vulnerability has been reported in Asterisk PJSIP. Successful exploitation could result of endpoint presence disclosure to the remote user...
Asterisk 13.x < 13.21.1 / 14.x < 14.7.7 / 13.13 < 13.18-cert4 / 13.21 < 13.21-cert2 Information Disclosure Vulnerability (AST-2018-008)
According to its SIP banner, the version of Asterisk running on the remote host is 13.x prior to 13.21.1, 14.x prior to 14.7.7, or 13.18 prior to 13.18-cert4. It is therefore, affected by a remote denial of service attack as described in AST-2018-008. Note that Nessus has not tested for these...
CVE-2018-12227
An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However,...
CVE-2018-12227
CVE-2018-12227 affects Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 (including Certified Asterisk 13.18-cert4/13.21-cert2). The issue is an information-disclosure in SIP ACL handling: when endpoint-specific ACLs block a request, a 403 is returned; if the en...