Lucene search

K
ubuntucveUbuntu.comUB:CVE-2009-3727
HistoryNov 10, 2009 - 12:00 a.m.

CVE-2009-3727

2009-11-1000:00:00
ubuntu.com
ubuntu.com
12

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.013

Percentile

85.9%

Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x
before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x
before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2;
AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error
messages depending on whether a SIP username is valid, which allows remote
attackers to enumerate valid usernames via multiple crafted REGISTER
messages with inconsistent usernames in the URI in the To header and the
Digest in the Authorization header.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu9.10noarchasterisk< 1:1.6.2.0~rc2-0ubuntu1.1UNKNOWN

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.013

Percentile

85.9%