Lucene search

[email protected]NVD:CVE-2013-2264

HistoryApr 01, 2013 - 4:55 p.m.

CVE-2013-2264

2013-04-0116:55:03

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.005

Percentile

75.4%

JSON

The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur.

Affected configurations

Nvd

Node

asteriskopen_sourceMatch1.8.0

asteriskopen_sourceMatch1.8.0beta1

asteriskopen_sourceMatch1.8.0beta2

asteriskopen_sourceMatch1.8.0beta3

asteriskopen_sourceMatch1.8.0beta4

asteriskopen_sourceMatch1.8.0beta5

asteriskopen_sourceMatch1.8.0rc2

asteriskopen_sourceMatch1.8.0rc3

asteriskopen_sourceMatch1.8.0rc4

asteriskopen_sourceMatch1.8.0rc5

asteriskopen_sourceMatch1.8.1

asteriskopen_sourceMatch1.8.1rc1

asteriskopen_sourceMatch1.8.1.1

asteriskopen_sourceMatch1.8.1.2

asteriskopen_sourceMatch1.8.2

asteriskopen_sourceMatch1.8.2rc1

asteriskopen_sourceMatch1.8.2.1

asteriskopen_sourceMatch1.8.2.2

asteriskopen_sourceMatch1.8.2.3

asteriskopen_sourceMatch1.8.2.4

asteriskopen_sourceMatch1.8.3

asteriskopen_sourceMatch1.8.3rc1

asteriskopen_sourceMatch1.8.3rc2

asteriskopen_sourceMatch1.8.3rc3

asteriskopen_sourceMatch1.8.3.1

asteriskopen_sourceMatch1.8.3.2

asteriskopen_sourceMatch1.8.3.3

asteriskopen_sourceMatch1.8.4

asteriskopen_sourceMatch1.8.4rc1

asteriskopen_sourceMatch1.8.4rc2

asteriskopen_sourceMatch1.8.4rc3

asteriskopen_sourceMatch1.8.4.1

asteriskopen_sourceMatch1.8.4.2

asteriskopen_sourceMatch1.8.4.3

asteriskopen_sourceMatch1.8.4.4

asteriskopen_sourceMatch1.8.5rc1

asteriskopen_sourceMatch1.8.5.0

asteriskopen_sourceMatch1.8.6.0

asteriskopen_sourceMatch1.8.6.0rc1

asteriskopen_sourceMatch1.8.6.0rc2

asteriskopen_sourceMatch1.8.6.0rc3

asteriskopen_sourceMatch1.8.7.0

asteriskopen_sourceMatch1.8.7.0rc1

asteriskopen_sourceMatch1.8.7.0rc2

asteriskopen_sourceMatch1.8.7.1

asteriskopen_sourceMatch1.8.7.2

asteriskopen_sourceMatch1.8.8.0

asteriskopen_sourceMatch1.8.8.0rc1

asteriskopen_sourceMatch1.8.8.0rc2

asteriskopen_sourceMatch1.8.8.0rc3

asteriskopen_sourceMatch1.8.8.0rc4

asteriskopen_sourceMatch1.8.8.0rc5

asteriskopen_sourceMatch1.8.8.1

asteriskopen_sourceMatch1.8.8.2

asteriskopen_sourceMatch1.8.9.0

asteriskopen_sourceMatch1.8.9.0rc1

asteriskopen_sourceMatch1.8.9.0rc2

asteriskopen_sourceMatch1.8.9.0rc3

asteriskopen_sourceMatch1.8.9.1

asteriskopen_sourceMatch1.8.9.2

asteriskopen_sourceMatch1.8.9.3

asteriskopen_sourceMatch1.8.10.0

asteriskopen_sourceMatch1.8.10.0rc1

asteriskopen_sourceMatch1.8.10.0rc2

asteriskopen_sourceMatch1.8.10.0rc3

asteriskopen_sourceMatch1.8.10.0rc4

asteriskopen_sourceMatch1.8.10.1

asteriskopen_sourceMatch1.8.11.0

asteriskopen_sourceMatch1.8.11.0rc2

asteriskopen_sourceMatch1.8.11.0rc3

asteriskopen_sourceMatch1.8.11.1

asteriskopen_sourceMatch1.8.12

asteriskopen_sourceMatch1.8.12.0rc1

asteriskopen_sourceMatch1.8.12.0rc2

asteriskopen_sourceMatch1.8.12.0rc3

asteriskopen_sourceMatch1.8.12.1

asteriskopen_sourceMatch1.8.12.2

asteriskopen_sourceMatch1.8.13.0

asteriskopen_sourceMatch1.8.13.0rc1

asteriskopen_sourceMatch1.8.13.0rc2

asteriskopen_sourceMatch1.8.13.1

asteriskopen_sourceMatch1.8.14.0

asteriskopen_sourceMatch1.8.14.0rc1

asteriskopen_sourceMatch1.8.14.0rc2

asteriskopen_sourceMatch1.8.14.1

asteriskopen_sourceMatch1.8.15.0

asteriskopen_sourceMatch1.8.15.0rc1

asteriskopen_sourceMatch1.8.15.1

asteriskopen_sourceMatch1.8.16.0

asteriskopen_sourceMatch1.8.16.0rc1

asteriskopen_sourceMatch1.8.16.0rc2

asteriskopen_sourceMatch1.8.17.0

asteriskopen_sourceMatch1.8.17.0rc1

asteriskopen_sourceMatch1.8.17.0rc2

asteriskopen_sourceMatch1.8.17.0rc3

asteriskopen_sourceMatch1.8.18.0

asteriskopen_sourceMatch1.8.18.0rc1

asteriskopen_sourceMatch1.8.18.1

asteriskopen_sourceMatch1.8.19.0

asteriskopen_sourceMatch1.8.19.0rc1

asteriskopen_sourceMatch1.8.19.0rc3

asteriskopen_sourceMatch1.8.19.1

asteriskopen_sourceMatch1.8.20.0

asteriskopen_sourceMatch1.8.20.0rc1

asteriskopen_sourceMatch1.8.20.0rc2

asteriskopen_sourceMatch1.8.20.1

Node

asteriskopen_sourceMatch10.0.0

asteriskopen_sourceMatch10.0.0beta1

asteriskopen_sourceMatch10.0.0beta2

asteriskopen_sourceMatch10.0.0rc1

asteriskopen_sourceMatch10.0.0rc2

asteriskopen_sourceMatch10.0.0rc3

asteriskopen_sourceMatch10.0.1

asteriskopen_sourceMatch10.1.0

asteriskopen_sourceMatch10.1.0rc1

asteriskopen_sourceMatch10.1.0rc2

asteriskopen_sourceMatch10.1.1

asteriskopen_sourceMatch10.1.2

asteriskopen_sourceMatch10.1.3

asteriskopen_sourceMatch10.2.0

asteriskopen_sourceMatch10.2.0rc1

asteriskopen_sourceMatch10.2.0rc2

asteriskopen_sourceMatch10.2.0rc3

asteriskopen_sourceMatch10.2.0rc4

asteriskopen_sourceMatch10.2.1

asteriskopen_sourceMatch10.3.0

asteriskopen_sourceMatch10.3.0rc2

asteriskopen_sourceMatch10.3.0rc3

asteriskopen_sourceMatch10.3.1

asteriskopen_sourceMatch10.4.0

asteriskopen_sourceMatch10.4.0rc1

asteriskopen_sourceMatch10.4.0rc2

asteriskopen_sourceMatch10.4.0rc3

asteriskopen_sourceMatch10.4.1

asteriskopen_sourceMatch10.4.2

asteriskopen_sourceMatch10.5.0

asteriskopen_sourceMatch10.5.0rc1

asteriskopen_sourceMatch10.5.0rc2

asteriskopen_sourceMatch10.5.1

asteriskopen_sourceMatch10.5.2

asteriskopen_sourceMatch10.6.0

asteriskopen_sourceMatch10.6.0rc1

asteriskopen_sourceMatch10.6.0rc2

asteriskopen_sourceMatch10.6.1

asteriskopen_sourceMatch10.7.0

asteriskopen_sourceMatch10.7.0rc1

asteriskopen_sourceMatch10.7.1

asteriskopen_sourceMatch10.8.0

asteriskopen_sourceMatch10.8.0rc1

asteriskopen_sourceMatch10.8.0rc2

asteriskopen_sourceMatch10.9.0

asteriskopen_sourceMatch10.9.0rc1

asteriskopen_sourceMatch10.9.0rc2

asteriskopen_sourceMatch10.9.0rc3

asteriskopen_sourceMatch10.10.0

asteriskopen_sourceMatch10.10.0rc1

asteriskopen_sourceMatch10.10.0rc2

asteriskopen_sourceMatch10.10.1

asteriskopen_sourceMatch10.11.0

asteriskopen_sourceMatch10.11.0rc1

asteriskopen_sourceMatch10.11.0rc3

asteriskopen_sourceMatch10.11.1

asteriskopen_sourceMatch10.12.0

asteriskopen_sourceMatch10.12.0rc1

asteriskopen_sourceMatch10.12.0rc2

asteriskopen_sourceMatch10.12.1

Node

asteriskopen_sourceMatch11.0.0

asteriskopen_sourceMatch11.0.0beta1

asteriskopen_sourceMatch11.0.0beta2

asteriskopen_sourceMatch11.0.0rc1

asteriskopen_sourceMatch11.0.0rc2

asteriskopen_sourceMatch11.0.1

asteriskopen_sourceMatch11.0.2

asteriskopen_sourceMatch11.1.0

asteriskopen_sourceMatch11.1.0rc1

asteriskopen_sourceMatch11.1.0rc3

asteriskopen_sourceMatch11.1.1

asteriskopen_sourceMatch11.1.2

asteriskopen_sourceMatch11.2.0

asteriskopen_sourceMatch11.2.0rc1

asteriskopen_sourceMatch11.2.0rc2

asteriskopen_sourceMatch11.2.1

Node

asteriskcertified_asteriskMatch1.8.15cert1

asteriskcertified_asteriskMatch1.8.15cert1rc1

asteriskcertified_asteriskMatch1.8.15cert1rc2

asteriskcertified_asteriskMatch1.8.15cert1rc3

asteriskcertified_asteriskMatch1.8.15.0

asteriskcertified_asteriskMatch1.8.15.0rc1

Node

asteriskbusiness_editionMatchc.3.2.2

asteriskbusiness_editionMatchc.3.3

asteriskbusiness_editionMatchc.3.3.2

Node

asteriskdigiumphonesMatch10.0.0

asteriskdigiumphonesMatch10.0.0beta1

asteriskdigiumphonesMatch10.0.0beta2

asteriskdigiumphonesMatch10.0.0rc1

asteriskdigiumphonesMatch10.0.0rc2

asteriskdigiumphonesMatch10.0.0rc3

asteriskdigiumphonesMatch10.1.0

asteriskdigiumphonesMatch10.1.0rc1

asteriskdigiumphonesMatch10.1.0rc2

asteriskdigiumphonesMatch10.2.0

asteriskdigiumphonesMatch10.2.0rc1

asteriskdigiumphonesMatch10.2.0rc2

asteriskdigiumphonesMatch10.2.0rc3

asteriskdigiumphonesMatch10.2.0rc4

asteriskdigiumphonesMatch10.3.0

asteriskdigiumphonesMatch10.3.0rc2

asteriskdigiumphonesMatch10.3.0rc3

asteriskdigiumphonesMatch10.4.0

asteriskdigiumphonesMatch10.4.0rc1

asteriskdigiumphonesMatch10.4.0rc2

asteriskdigiumphonesMatch10.4.0rc3

asteriskdigiumphonesMatch10.5.0

asteriskdigiumphonesMatch10.5.0rc1

asteriskdigiumphonesMatch10.5.0rc2

asteriskdigiumphonesMatch10.6.0

asteriskdigiumphonesMatch10.6.0rc1

asteriskdigiumphonesMatch10.6.0rc2

asteriskdigiumphonesMatch10.7.0

asteriskdigiumphonesMatch10.7.0rc1

asteriskdigiumphonesMatch10.8.0

asteriskdigiumphonesMatch10.8.0rc1

asteriskdigiumphonesMatch10.8.0rc2

asteriskdigiumphonesMatch10.9.0rc1

asteriskdigiumphonesMatch10.10.0

asteriskdigiumphonesMatch10.10.0rc1

asteriskdigiumphonesMatch10.10.0rc2

asteriskdigiumphonesMatch10.11.0

asteriskdigiumphonesMatch10.11.0rc1

asteriskdigiumphonesMatch10.11.0rc2

asteriskdigiumphonesMatch10.11.0rc3

asteriskdigiumphonesMatch10.12.0

asteriskdigiumphonesMatch10.12.0rc1

asteriskdigiumphonesMatch10.12.0rc2

asteriskdigiumphonesMatch10.12.1

References

downloads.asterisk.org/pub/security/AST-2013-003.html

issues.asterisk.org/jira/browse/ASTERISK-21013

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.005

Percentile

75.4%

JSON

Related for NVD:CVE-2013-2264

securityvulns2 cvelist1 debiancve1 prion1 ubuntucve1 nessus6 cve1 fedora1 openvas3 freebsd1 gentoo1