4 matches found
Digium Asterisk WebSocket Denial of Service (CVE-2018-7287)
A denial-of-service vulnerability exists in Digium Asterisk. The vulnerability is due to improper handling of WebSocket payloads. Successful exploitation would result in a crash of the server process leading to denial of service...
Asterisk 15.x < 15.2.2 Denial of Service Vulnerability (AST-2018-006)
According to its SIP banner, the version of Asterisk running on the remote host is 15.x prior to 15.2.2. It is therefore, affected by a denial of service vulnerability as described in AST-2018-006 advisory. Note that Nessus has not tested for these issues but has instead relied only on the...
CVE-2018-7287
An issue was discovered in reshttpwebsocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled default is disabled, WebSocket payloads of size 0 are mishandled with a busy loop...
CVE-2018-7287
CVE-2018-7287 affects Digium/Asterisk 15.x up to 15.2.1. The issue is in the WebSocket handling of the HTTP server (res_http_websocket.c): when WebSocket payloads of size 0 are received (with the HTTP server enabled, default disabled), the code mishandles the payload, causing a busy loop and pote...