Lucene search
MitreCVELIST:CVE-2013-2264HistoryOct 03, 2022 - 4:14 p.m.
CVE-2013-2264
2022-10-0316:14:59
mitre
www.cve.org
1
asterisk
sip
vulnerability
remote attackers
account enumeration
http status codes
forbidden response
The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur.
Related
securityvulns
securityvulns
AST-2013-003: Username disclosure in SIP channel driver
2013-04-01 00:00:00
Asterisk multiple security vulnerabilities
2013-04-01 00:00:00
debiancve
debiancve
CVE-2013-2264
2022-10-03 16:14:59
prion
prion
Code injection
2013-04-01 16:55:00
nvd
nvd
CVE-2013-2264
2013-04-01 16:55:03
ubuntucve
ubuntucve
CVE-2013-2264
2013-04-01 00:00:00
nessus
nessus
Asterisk SIP Channel Driver Username Disclosure (AST-2013-003)
2013-04-10 00:00:00
Fedora 17 : asterisk-10.12.2-1.fc17 (2013-4528)
2013-04-08 00:00:00
cve
cve
CVE-2013-2264
2022-10-03 16:14:59
fedora
fedora
[SECURITY] Fedora 17 Update: asterisk-10.12.2-1.fc17
2013-04-07 00:44:42
openvas
openvas
Fedora Update for asterisk FEDORA-2013-4528
2013-04-08 00:00:00
Fedora Update for asterisk FEDORA-2013-4528
2013-04-08 00:00:00
Gentoo Security Advisory GLSA 201401-15
2015-09-29 00:00:00
freebsd
freebsd
asterisk -- multiple vulnerabilities
2013-03-27 00:00:00
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2014-01-21 00:00:00