Lucene search
HistoryApr 18, 2014 - 10:14 p.m.
CVE-2014-2286
cve-2014-2286
asterisk
open source
certified asterisk
denial of service
stack consumption
remote attack
arbitrary code execution
http header
nvd
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.6 High
AI Score
Confidence
Low
0.599 Medium
EPSS
Percentile
97.8%
main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.
Affected configurations
Node
digiumasteriskMatch1.8.0
ORdigiumasteriskMatch1.8.0beta1
ORdigiumasteriskMatch1.8.0beta2
ORdigiumasteriskMatch1.8.0beta3
ORdigiumasteriskMatch1.8.0beta4
ORdigiumasteriskMatch1.8.0beta5
ORdigiumasteriskMatch1.8.0rc2
ORdigiumasteriskMatch1.8.0rc3
ORdigiumasteriskMatch1.8.0rc4
ORdigiumasteriskMatch1.8.0rc5
ORdigiumasteriskMatch1.8.1
ORdigiumasteriskMatch1.8.1rc1
ORdigiumasteriskMatch1.8.1.1
ORdigiumasteriskMatch1.8.1.2
ORdigiumasteriskMatch1.8.2
ORdigiumasteriskMatch1.8.2.1
ORdigiumasteriskMatch1.8.2.2
ORdigiumasteriskMatch1.8.2.3
ORdigiumasteriskMatch1.8.2.4
ORdigiumasteriskMatch1.8.3
ORdigiumasteriskMatch1.8.3rc1
ORdigiumasteriskMatch1.8.3rc2
ORdigiumasteriskMatch1.8.3rc3
ORdigiumasteriskMatch1.8.3.1
ORdigiumasteriskMatch1.8.3.2
ORdigiumasteriskMatch1.8.3.3
ORdigiumasteriskMatch1.8.4
ORdigiumasteriskMatch1.8.4rc1
ORdigiumasteriskMatch1.8.4rc2
ORdigiumasteriskMatch1.8.4rc3
ORdigiumasteriskMatch1.8.4.1
ORdigiumasteriskMatch1.8.4.2
ORdigiumasteriskMatch1.8.4.3
ORdigiumasteriskMatch1.8.4.4
ORdigiumasteriskMatch1.8.5
ORdigiumasteriskMatch1.8.5rc1
ORdigiumasteriskMatch1.8.5.0
ORdigiumasteriskMatch1.8.6.0
ORdigiumasteriskMatch1.8.6.0rc1
ORdigiumasteriskMatch1.8.6.0rc2
ORdigiumasteriskMatch1.8.6.0rc3
ORdigiumasteriskMatch1.8.7.0
ORdigiumasteriskMatch1.8.7.0rc1
ORdigiumasteriskMatch1.8.7.0rc2
ORdigiumasteriskMatch1.8.7.1
ORdigiumasteriskMatch1.8.8.0
ORdigiumasteriskMatch1.8.8.0-
ORdigiumasteriskMatch1.8.8.0patch
ORdigiumasteriskMatch1.8.8.0rc1
ORdigiumasteriskMatch1.8.8.0rc2
ORdigiumasteriskMatch1.8.8.0rc3
ORdigiumasteriskMatch1.8.8.0rc4
ORdigiumasteriskMatch1.8.8.0rc5
ORdigiumasteriskMatch1.8.8.1
ORdigiumasteriskMatch1.8.8.2
ORdigiumasteriskMatch1.8.9.0
ORdigiumasteriskMatch1.8.9.0-
ORdigiumasteriskMatch1.8.9.0rc1
ORdigiumasteriskMatch1.8.9.0rc2
ORdigiumasteriskMatch1.8.9.0rc3
ORdigiumasteriskMatch1.8.9.1
ORdigiumasteriskMatch1.8.9.2
ORdigiumasteriskMatch1.8.9.3
ORdigiumasteriskMatch1.8.10.0
ORdigiumasteriskMatch1.8.10.0-
ORdigiumasteriskMatch1.8.10.0rc1
ORdigiumasteriskMatch1.8.10.0rc2
ORdigiumasteriskMatch1.8.10.0rc3
ORdigiumasteriskMatch1.8.10.0rc4
ORdigiumasteriskMatch1.8.10.1
ORdigiumasteriskMatch1.8.11.0
ORdigiumasteriskMatch1.8.11.0-
ORdigiumasteriskMatch1.8.11.0patch
ORdigiumasteriskMatch1.8.11.0rc2
ORdigiumasteriskMatch1.8.11.0rc3
ORdigiumasteriskMatch1.8.11.1
ORdigiumasteriskMatch1.8.11.1-
ORdigiumasteriskMatch1.8.11.1patch
ORdigiumasteriskMatch1.8.12
ORdigiumasteriskMatch1.8.12.0
ORdigiumasteriskMatch1.8.12.0-
ORdigiumasteriskMatch1.8.12.0rc1
ORdigiumasteriskMatch1.8.12.0rc2
ORdigiumasteriskMatch1.8.12.0rc3
ORdigiumasteriskMatch1.8.12.1
ORdigiumasteriskMatch1.8.12.2
ORdigiumasteriskMatch1.8.13.0
ORdigiumasteriskMatch1.8.13.0rc1
ORdigiumasteriskMatch1.8.13.0rc2
ORdigiumasteriskMatch1.8.13.1
ORdigiumasteriskMatch1.8.14.0-
ORdigiumasteriskMatch1.8.14.0patch
ORdigiumasteriskMatch1.8.14.0rc1
ORdigiumasteriskMatch1.8.14.0rc2
ORdigiumasteriskMatch1.8.14.1
ORdigiumasteriskMatch1.8.14.1-
ORdigiumasteriskMatch1.8.14.1patch
ORdigiumasteriskMatch1.8.15.0
ORdigiumasteriskMatch1.8.15.0-
ORdigiumasteriskMatch1.8.15.0rc1
ORdigiumasteriskMatch1.8.15.1
ORdigiumasteriskMatch1.8.16.0
ORdigiumasteriskMatch1.8.16.0-
ORdigiumasteriskMatch1.8.16.0rc1
ORdigiumasteriskMatch1.8.16.0rc2
ORdigiumasteriskMatch1.8.17.0
ORdigiumasteriskMatch1.8.17.0-
ORdigiumasteriskMatch1.8.17.0patch
ORdigiumasteriskMatch1.8.17.0rc1
ORdigiumasteriskMatch1.8.17.0rc2
ORdigiumasteriskMatch1.8.17.0rc3
ORdigiumasteriskMatch1.8.18.0
ORdigiumasteriskMatch1.8.18.0-
ORdigiumasteriskMatch1.8.18.0rc1
ORdigiumasteriskMatch1.8.18.1
ORdigiumasteriskMatch1.8.19.0
ORdigiumasteriskMatch1.8.19.0-
ORdigiumasteriskMatch1.8.19.0rc1
ORdigiumasteriskMatch1.8.19.0rc3
ORdigiumasteriskMatch1.8.19.1
ORdigiumasteriskMatch1.8.20.0-
ORdigiumasteriskMatch1.8.20.0patch
ORdigiumasteriskMatch1.8.20.0rc1
ORdigiumasteriskMatch1.8.20.0rc2
ORdigiumasteriskMatch1.8.20.1-
ORdigiumasteriskMatch1.8.20.1patch
ORdigiumasteriskMatch1.8.20.2-
ORdigiumasteriskMatch1.8.20.2patch
ORdigiumasteriskMatch1.8.21.0-
ORdigiumasteriskMatch1.8.21.0rc1
ORdigiumasteriskMatch1.8.21.0rc2
ORdigiumasteriskMatch1.8.22.0-
ORdigiumasteriskMatch1.8.22.0rc1
ORdigiumasteriskMatch1.8.22.0rc2
ORdigiumasteriskMatch1.8.23.0-
ORdigiumasteriskMatch1.8.23.0patch
ORdigiumasteriskMatch1.8.23.0rc1
ORdigiumasteriskMatch1.8.23.0rc2
ORdigiumasteriskMatch1.8.23.1
ORdigiumasteriskMatch1.8.24.0-
ORdigiumasteriskMatch1.8.24.0rc1
ORdigiumasteriskMatch1.8.24.0rc2
ORdigiumasteriskMatch1.8.24.1
ORdigiumasteriskMatch1.8.25.0-
ORdigiumasteriskMatch1.8.25.0rc1
ORdigiumasteriskMatch1.8.25.0rc2
ORdigiumasteriskMatch1.8.26.0-
ORdigiumasteriskMatch1.8.26.0rc1
ORdigiumasteriskMatch11.8.0-
ORdigiumasteriskMatch11.8.0rc1
ORdigiumasteriskMatch11.8.0rc2
ORdigiumasteriskMatch11.8.0rc3
ORdigiumasteriskMatch12.1.0-
ORdigiumasteriskMatch12.1.0rc1
ORdigiumasteriskMatch12.1.0rc2
ORdigiumasteriskMatch12.1.0rc3
ORfedoraprojectfedoraMatch19
ORfedoraprojectfedoraMatch20
Node
digiumcertified_asteriskMatch1.8.0.0-
ORdigiumcertified_asteriskMatch1.8.0.0beta1
ORdigiumcertified_asteriskMatch1.8.0.0beta2
ORdigiumcertified_asteriskMatch1.8.0.0beta3
ORdigiumcertified_asteriskMatch1.8.0.0beta4
ORdigiumcertified_asteriskMatch1.8.0.0beta5
ORdigiumcertified_asteriskMatch1.8.0.0rc1
ORdigiumcertified_asteriskMatch1.8.0.0rc2
ORdigiumcertified_asteriskMatch1.8.0.0rc3
ORdigiumcertified_asteriskMatch1.8.0.0rc4
ORdigiumcertified_asteriskMatch1.8.0.0rc5
ORdigiumcertified_asteriskMatch1.8.1.0-
ORdigiumcertified_asteriskMatch1.8.1.0rc1
ORdigiumcertified_asteriskMatch1.8.2.0-
ORdigiumcertified_asteriskMatch1.8.2.0rc1
ORdigiumcertified_asteriskMatch1.8.3.0-
ORdigiumcertified_asteriskMatch1.8.3.0rc1
ORdigiumcertified_asteriskMatch1.8.3.0rc2
ORdigiumcertified_asteriskMatch1.8.3.0rc3
ORdigiumcertified_asteriskMatch1.8.4.0-
ORdigiumcertified_asteriskMatch1.8.4.0rc1
ORdigiumcertified_asteriskMatch1.8.4.0rc2
ORdigiumcertified_asteriskMatch1.8.4.0rc3
ORdigiumcertified_asteriskMatch1.8.5.0-
ORdigiumcertified_asteriskMatch1.8.5.0rc1
ORdigiumcertified_asteriskMatch1.8.6.0-
ORdigiumcertified_asteriskMatch1.8.6.0rc1
ORdigiumcertified_asteriskMatch1.8.6.0rc2
ORdigiumcertified_asteriskMatch1.8.6.0rc3
ORdigiumcertified_asteriskMatch1.8.7.0-
ORdigiumcertified_asteriskMatch1.8.7.0rc1
ORdigiumcertified_asteriskMatch1.8.7.0rc2
ORdigiumcertified_asteriskMatch1.8.8.0-
ORdigiumcertified_asteriskMatch1.8.8.0rc1
ORdigiumcertified_asteriskMatch1.8.8.0rc2
ORdigiumcertified_asteriskMatch1.8.8.0rc3
ORdigiumcertified_asteriskMatch1.8.8.0rc4
ORdigiumcertified_asteriskMatch1.8.8.0rc5
ORdigiumcertified_asteriskMatch1.8.9.0-
ORdigiumcertified_asteriskMatch1.8.9.0rc1
ORdigiumcertified_asteriskMatch1.8.9.0rc2
ORdigiumcertified_asteriskMatch1.8.9.0rc3
ORdigiumcertified_asteriskMatch1.8.10.0-
ORdigiumcertified_asteriskMatch1.8.10.0rc1
ORdigiumcertified_asteriskMatch1.8.10.0rc2
ORdigiumcertified_asteriskMatch1.8.10.0rc3
ORdigiumcertified_asteriskMatch1.8.10.0rc4
ORdigiumcertified_asteriskMatch1.8.11.0-
ORdigiumcertified_asteriskMatch1.8.11.0rc1
ORdigiumcertified_asteriskMatch1.8.11.0rc2
ORdigiumcertified_asteriskMatch1.8.11.0rc3
ORdigiumcertified_asteriskMatch1.8.12.0-
ORdigiumcertified_asteriskMatch1.8.12.0rc1
ORdigiumcertified_asteriskMatch1.8.12.0rc2
ORdigiumcertified_asteriskMatch1.8.12.0rc3
ORdigiumcertified_asteriskMatch1.8.13.0-
ORdigiumcertified_asteriskMatch1.8.13.0rc1
ORdigiumcertified_asteriskMatch1.8.13.0rc2
ORdigiumcertified_asteriskMatch1.8.14.0rc1
ORdigiumcertified_asteriskMatch1.8.14.0rc2
ORdigiumcertified_asteriskMatch1.8.15-
ORdigiumcertified_asteriskMatch1.8.15cert1
ORdigiumcertified_asteriskMatch1.8.15cert1_rc1
ORdigiumcertified_asteriskMatch1.8.15cert1_rc2
ORdigiumcertified_asteriskMatch1.8.15cert1_rc3
ORdigiumcertified_asteriskMatch1.8.15cert2
ORdigiumcertified_asteriskMatch1.8.15cert3
ORdigiumcertified_asteriskMatch1.8.15cert4
ORdigiumcertified_asteriskMatch11.6cert1
ORdigiumcertified_asteriskMatch11.6cert1_rc1
ORdigiumcertified_asteriskMatch11.6cert1_rc2
ORdigiumcertified_asteriskMatch11.6.0-
ORdigiumcertified_asteriskMatch11.6.0rc1
ORdigiumcertified_asteriskMatch11.6.0rc2
References
downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff
downloads.asterisk.org/pub/security/AST-2014-001.html
lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html
lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html
www.mandriva.com/security/advisories?name=MDVSA-2014:078
www.securityfocus.com/bid/66093
issues.asterisk.org/jira/browse/ASTERISK-23340
Related
securityvulns
securityvulns
AST-2014-001: Stack Overflow in HTTP Processing of Cookie Headers.
2014-03-13 00:00:00
Asterisk multiple security vulnerabilities
2014-03-13 00:00:00
cvelist
cvelist
CVE-2014-2286
2014-04-18 19:00:00
ubuntucve
ubuntucve
CVE-2014-2286
2014-04-18 00:00:00
debiancve
debiancve
CVE-2014-2286
2014-04-18 22:14:37
checkpoint_advisories
checkpoint_advisories
Digium Asterisk Cookie Stack Overflow (CVE-2014-2286)
2014-04-13 00:00:00
nessus
nessus
Asterisk main/http.c DoS (AST-2014-001)
2014-03-14 00:00:00
Mandriva Linux Security Advisory : asterisk (MDVSA-2014:078)
2014-04-17 00:00:00
seebug
seebug
Asterisk特制HTTP Cookie处理拒绝服务漏洞
2014-03-13 00:00:00
prion
prion
Code injection
2014-04-18 22:14:00
nvd
nvd
CVE-2014-2286
2014-04-18 22:14:37
openvas
openvas
Fedora Update for asterisk FEDORA-2014-3762
2014-03-25 00:00:00
Fedora Update for asterisk FEDORA-2014-3779
2014-03-25 00:00:00
Mageia: Security Advisory (MGASA-2014-0172)
2022-01-28 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: asterisk-11.8.1-1.fc19
2014-03-21 09:29:33
[SECURITY] Fedora 20 Update: asterisk-11.8.1-1.fc20
2014-03-21 09:36:05
mageia
mageia
Updated asterisk packages fix security vulnerabilities
2014-04-15 22:22:45
Updated asterisk packages fix security vulnerabilities
2014-04-15 22:22:45
freebsd
freebsd
asterisk -- multiple vulnerabilities
2014-03-10 00:00:00
gentoo
gentoo
Asterisk: Denial of service
2014-05-03 00:00:00
osv
osv
asterisk - security update
2016-05-03 00:00:00
debian
debian
[SECURITY] [DLA 455-1] asterisk security update
2016-05-03 20:31:18
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.6 High
AI Score
Confidence
Low
0.599 Medium
EPSS
Percentile
97.8%
Related for CVE-2014-2286