History: Oct 16, 2007 - 12:00 a.m.

CVE-2007-5469

2007-10-16 00:00:00
ubuntu.com

CVSS2: 5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.008 Low
Percentile: 81.9%

DISPUTED OpenSER 1.2.2 does not verify the Digest authentication
header URI against the Request URI in SIP messages, which allows remote
attackers to use sniffed Digest authentication credentials to call
arbitrary telephone numbers or spoof caller ID (aka “toll fraud and
authentication forward attack”). NOTE: Debian disputes this issue, stating
that “having the two URIs mismatch is allowed by the standard and happens
in some setups for valid reasons.”
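
The check the description refers to, as an added example that is not OpenSER code: an RFC 2617 digest response (shown without qop) is computed over the uri parameter in the Authorization header, so it stays valid whatever the Request-URI line says, and only an explicit comparison exposes a mismatch. The function names, user, realm, nonce and password are constructed for illustration.

```python
import hashlib
import hmac
import re

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(method, p, password):
    # RFC 2617 digest without qop. HA2 covers the uri parameter carried in
    # the Authorization header; the Request-URI line is not an input.
    ha1 = md5_hex(f"{p['username']}:{p['realm']}:{password}")
    ha2 = md5_hex(f"{method}:{p['uri']}")
    return md5_hex(f"{ha1}:{p['nonce']}:{ha2}")

def parse_request(raw):
    """Return (method, request_uri, digest_params) for a raw SIP request."""
    lines = raw.strip().splitlines()
    method, request_uri, _version = lines[0].split()
    params = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        value = value.strip()
        if name.strip().lower() == "authorization" and value.lower().startswith("digest "):
            pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', value[7:])
            params = {k.lower(): quoted or bare for k, quoted, bare in pairs}
    return method, request_uri, params

def check(raw, password):
    method, request_uri, p = parse_request(raw)
    return {
        "digest_valid": hmac.compare_digest(digest_response(method, p, password), p["response"]),
        # Exact string comparison is a simplification; per the Debian note a
        # mismatch can be legitimate, so treat it as a signal to log or review.
        "uri_matches": p["uri"] == request_uri,
    }

def sample_request(request_uri, digest_uri, password="s3cret"):
    # Constructed fixture: user, realm and nonce values are made up.
    p = {"username": "alice", "realm": "example.test", "nonce": "abc123", "uri": digest_uri}
    p["response"] = digest_response("INVITE", p, password)
    auth = ", ".join(f'{k}="{v}"' for k, v in p.items())
    return f"INVITE {request_uri} SIP/2.0\r\nAuthorization: Digest {auth}\r\n\r\n"

if __name__ == "__main__":
    print(check(sample_request("sip:1000@example.test", "sip:1000@example.test"), "s3cret"))
    print(check(sample_request("sip:2000@example.test", "sip:1000@example.test"), "s3cret"))
```
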

Notes

Author: kees
Note: I agree with Debian for this.
