Lucene search

[email protected]NVD:CVE-2013-2686

HistoryApr 01, 2013 - 4:55 p.m.

CVE-2013-2686

2013-04-0116:55:04

CWE-119

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

Low

0.651 Medium

EPSS

Percentile

97.9%

JSON

main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976.

Affected configurations

NVD

Node

asteriskopen_sourceMatch1.8.0

asteriskopen_sourceMatch1.8.0beta1

asteriskopen_sourceMatch1.8.0beta2

asteriskopen_sourceMatch1.8.0beta3

asteriskopen_sourceMatch1.8.0beta4

asteriskopen_sourceMatch1.8.0beta5

asteriskopen_sourceMatch1.8.0rc2

asteriskopen_sourceMatch1.8.0rc3

asteriskopen_sourceMatch1.8.0rc4

asteriskopen_sourceMatch1.8.0rc5

asteriskopen_sourceMatch1.8.1

asteriskopen_sourceMatch1.8.1rc1

asteriskopen_sourceMatch1.8.1.1

asteriskopen_sourceMatch1.8.1.2

asteriskopen_sourceMatch1.8.2

asteriskopen_sourceMatch1.8.2rc1

asteriskopen_sourceMatch1.8.2.1

asteriskopen_sourceMatch1.8.2.2

asteriskopen_sourceMatch1.8.2.3

asteriskopen_sourceMatch1.8.2.4

asteriskopen_sourceMatch1.8.3

asteriskopen_sourceMatch1.8.3rc1

asteriskopen_sourceMatch1.8.3rc2

asteriskopen_sourceMatch1.8.3rc3

asteriskopen_sourceMatch1.8.3.1

asteriskopen_sourceMatch1.8.3.2

asteriskopen_sourceMatch1.8.3.3

asteriskopen_sourceMatch1.8.4

asteriskopen_sourceMatch1.8.4rc1

asteriskopen_sourceMatch1.8.4rc2

asteriskopen_sourceMatch1.8.4rc3

asteriskopen_sourceMatch1.8.4.1

asteriskopen_sourceMatch1.8.4.2

asteriskopen_sourceMatch1.8.4.3

asteriskopen_sourceMatch1.8.4.4

asteriskopen_sourceMatch1.8.5rc1

asteriskopen_sourceMatch1.8.5.0

asteriskopen_sourceMatch1.8.6.0

asteriskopen_sourceMatch1.8.6.0rc1

asteriskopen_sourceMatch1.8.6.0rc2

asteriskopen_sourceMatch1.8.6.0rc3

asteriskopen_sourceMatch1.8.7.0

asteriskopen_sourceMatch1.8.7.0rc1

asteriskopen_sourceMatch1.8.7.0rc2

asteriskopen_sourceMatch1.8.7.1

asteriskopen_sourceMatch1.8.7.2

asteriskopen_sourceMatch1.8.8.0

asteriskopen_sourceMatch1.8.8.0rc1

asteriskopen_sourceMatch1.8.8.0rc2

asteriskopen_sourceMatch1.8.8.0rc3

asteriskopen_sourceMatch1.8.8.0rc4

asteriskopen_sourceMatch1.8.8.0rc5

asteriskopen_sourceMatch1.8.8.1

asteriskopen_sourceMatch1.8.8.2

asteriskopen_sourceMatch1.8.9.0

asteriskopen_sourceMatch1.8.9.0rc1

asteriskopen_sourceMatch1.8.9.0rc2

asteriskopen_sourceMatch1.8.9.0rc3

asteriskopen_sourceMatch1.8.9.1

asteriskopen_sourceMatch1.8.9.2

asteriskopen_sourceMatch1.8.9.3

asteriskopen_sourceMatch1.8.10.0

asteriskopen_sourceMatch1.8.10.0rc1

asteriskopen_sourceMatch1.8.10.0rc2

asteriskopen_sourceMatch1.8.10.0rc3

asteriskopen_sourceMatch1.8.10.0rc4

asteriskopen_sourceMatch1.8.10.1

asteriskopen_sourceMatch1.8.11.0

asteriskopen_sourceMatch1.8.11.0rc2

asteriskopen_sourceMatch1.8.11.0rc3

asteriskopen_sourceMatch1.8.11.1

asteriskopen_sourceMatch1.8.12

asteriskopen_sourceMatch1.8.12.0rc1

asteriskopen_sourceMatch1.8.12.0rc2

asteriskopen_sourceMatch1.8.12.0rc3

asteriskopen_sourceMatch1.8.12.1

asteriskopen_sourceMatch1.8.12.2

asteriskopen_sourceMatch1.8.13.0

asteriskopen_sourceMatch1.8.13.0rc1

asteriskopen_sourceMatch1.8.13.0rc2

asteriskopen_sourceMatch1.8.13.1

asteriskopen_sourceMatch1.8.14.0

asteriskopen_sourceMatch1.8.14.0rc1

asteriskopen_sourceMatch1.8.14.0rc2

asteriskopen_sourceMatch1.8.14.1

asteriskopen_sourceMatch1.8.15.0

asteriskopen_sourceMatch1.8.15.0rc1

asteriskopen_sourceMatch1.8.15.1

asteriskopen_sourceMatch1.8.16.0

asteriskopen_sourceMatch1.8.16.0rc1

asteriskopen_sourceMatch1.8.16.0rc2

asteriskopen_sourceMatch1.8.17.0

asteriskopen_sourceMatch1.8.17.0rc1

asteriskopen_sourceMatch1.8.17.0rc2

asteriskopen_sourceMatch1.8.17.0rc3

asteriskopen_sourceMatch1.8.18.0

asteriskopen_sourceMatch1.8.18.0rc1

asteriskopen_sourceMatch1.8.18.1

asteriskopen_sourceMatch1.8.19.0

asteriskopen_sourceMatch1.8.19.0rc1

asteriskopen_sourceMatch1.8.19.0rc3

asteriskopen_sourceMatch1.8.19.1

asteriskopen_sourceMatch1.8.20.0

asteriskopen_sourceMatch1.8.20.0rc1

asteriskopen_sourceMatch1.8.20.0rc2

asteriskopen_sourceMatch1.8.20.1

Node

asteriskopen_sourceMatch10.0.0

asteriskopen_sourceMatch10.0.0beta1

asteriskopen_sourceMatch10.0.0beta2

asteriskopen_sourceMatch10.0.0rc1

asteriskopen_sourceMatch10.0.0rc2

asteriskopen_sourceMatch10.0.0rc3

asteriskopen_sourceMatch10.0.1

asteriskopen_sourceMatch10.1.0

asteriskopen_sourceMatch10.1.0rc1

asteriskopen_sourceMatch10.1.0rc2

asteriskopen_sourceMatch10.1.1

asteriskopen_sourceMatch10.1.2

asteriskopen_sourceMatch10.1.3

asteriskopen_sourceMatch10.2.0

asteriskopen_sourceMatch10.2.0rc1

asteriskopen_sourceMatch10.2.0rc2

asteriskopen_sourceMatch10.2.0rc3

asteriskopen_sourceMatch10.2.0rc4

asteriskopen_sourceMatch10.2.1

asteriskopen_sourceMatch10.3.0

asteriskopen_sourceMatch10.3.0rc2

asteriskopen_sourceMatch10.3.0rc3

asteriskopen_sourceMatch10.3.1

asteriskopen_sourceMatch10.4.0

asteriskopen_sourceMatch10.4.0rc1

asteriskopen_sourceMatch10.4.0rc2

asteriskopen_sourceMatch10.4.0rc3

asteriskopen_sourceMatch10.4.1

asteriskopen_sourceMatch10.4.2

asteriskopen_sourceMatch10.5.0

asteriskopen_sourceMatch10.5.0rc1

asteriskopen_sourceMatch10.5.0rc2

asteriskopen_sourceMatch10.5.1

asteriskopen_sourceMatch10.5.2

asteriskopen_sourceMatch10.6.0

asteriskopen_sourceMatch10.6.0rc1

asteriskopen_sourceMatch10.6.0rc2

asteriskopen_sourceMatch10.6.1

asteriskopen_sourceMatch10.7.0

asteriskopen_sourceMatch10.7.0rc1

asteriskopen_sourceMatch10.7.1

asteriskopen_sourceMatch10.8.0

asteriskopen_sourceMatch10.8.0rc1

asteriskopen_sourceMatch10.8.0rc2

asteriskopen_sourceMatch10.9.0

asteriskopen_sourceMatch10.9.0rc1

asteriskopen_sourceMatch10.9.0rc2

asteriskopen_sourceMatch10.9.0rc3

asteriskopen_sourceMatch10.10.0

asteriskopen_sourceMatch10.10.0rc1

asteriskopen_sourceMatch10.10.0rc2

asteriskopen_sourceMatch10.10.1

asteriskopen_sourceMatch10.11.0

asteriskopen_sourceMatch10.11.0rc1

asteriskopen_sourceMatch10.11.0rc3

asteriskopen_sourceMatch10.11.1

asteriskopen_sourceMatch10.12.0

asteriskopen_sourceMatch10.12.0rc1

asteriskopen_sourceMatch10.12.0rc2

asteriskopen_sourceMatch10.12.1

Node

asteriskopen_sourceMatch11.0.0

asteriskopen_sourceMatch11.0.0beta1

asteriskopen_sourceMatch11.0.0beta2

asteriskopen_sourceMatch11.0.0rc1

asteriskopen_sourceMatch11.0.0rc2

asteriskopen_sourceMatch11.0.1

asteriskopen_sourceMatch11.0.2

asteriskopen_sourceMatch11.1.0

asteriskopen_sourceMatch11.1.0rc1

asteriskopen_sourceMatch11.1.0rc3

asteriskopen_sourceMatch11.1.1

asteriskopen_sourceMatch11.1.2

asteriskopen_sourceMatch11.2.0

asteriskopen_sourceMatch11.2.0rc1

asteriskopen_sourceMatch11.2.0rc2

asteriskopen_sourceMatch11.2.1

Node

asteriskcertified_asteriskMatch1.8.15cert1

asteriskcertified_asteriskMatch1.8.15cert1rc1

asteriskcertified_asteriskMatch1.8.15cert1rc2

asteriskcertified_asteriskMatch1.8.15cert1rc3

asteriskcertified_asteriskMatch1.8.15.0

asteriskcertified_asteriskMatch1.8.15.0rc1

Node

asteriskdigiumphonesMatch10.0.0

asteriskdigiumphonesMatch10.0.0beta1

asteriskdigiumphonesMatch10.0.0beta2

asteriskdigiumphonesMatch10.0.0rc1

asteriskdigiumphonesMatch10.0.0rc2

asteriskdigiumphonesMatch10.0.0rc3

asteriskdigiumphonesMatch10.1.0

asteriskdigiumphonesMatch10.1.0rc1

asteriskdigiumphonesMatch10.1.0rc2

asteriskdigiumphonesMatch10.2.0

asteriskdigiumphonesMatch10.2.0rc1

asteriskdigiumphonesMatch10.2.0rc2

asteriskdigiumphonesMatch10.2.0rc3

asteriskdigiumphonesMatch10.2.0rc4

asteriskdigiumphonesMatch10.3.0

asteriskdigiumphonesMatch10.3.0rc2

asteriskdigiumphonesMatch10.3.0rc3

asteriskdigiumphonesMatch10.4.0

asteriskdigiumphonesMatch10.4.0rc1

asteriskdigiumphonesMatch10.4.0rc2

asteriskdigiumphonesMatch10.4.0rc3

asteriskdigiumphonesMatch10.5.0

asteriskdigiumphonesMatch10.5.0rc1

asteriskdigiumphonesMatch10.5.0rc2

asteriskdigiumphonesMatch10.6.0

asteriskdigiumphonesMatch10.6.0rc1

asteriskdigiumphonesMatch10.6.0rc2

asteriskdigiumphonesMatch10.7.0

asteriskdigiumphonesMatch10.7.0rc1

asteriskdigiumphonesMatch10.8.0

asteriskdigiumphonesMatch10.8.0rc1

asteriskdigiumphonesMatch10.8.0rc2

asteriskdigiumphonesMatch10.9.0rc1

asteriskdigiumphonesMatch10.10.0

asteriskdigiumphonesMatch10.10.0rc1

asteriskdigiumphonesMatch10.10.0rc2

asteriskdigiumphonesMatch10.11.0

asteriskdigiumphonesMatch10.11.0rc1

asteriskdigiumphonesMatch10.11.0rc2

asteriskdigiumphonesMatch10.11.0rc3

asteriskdigiumphonesMatch10.12.0

asteriskdigiumphonesMatch10.12.0rc1

asteriskdigiumphonesMatch10.12.0rc2

asteriskdigiumphonesMatch10.12.1

References

downloads.asterisk.org/pub/security/AST-2013-002.html

telussecuritylabs.com/threats/show/TSL20130327-01

issues.asterisk.org/jira/browse/ASTERISK-20967

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

Low

0.651 Medium

EPSS

Percentile

97.9%

JSON

Related for NVD:CVE-2013-2686

cve2 cvelist2 checkpoint_advisories1 prion2 ubuntucve2 debiancve2 nessus13 nvd1 securityvulns4 openvas11 fedora4 debian2 freebsd2 osv1 gentoo1 ibm1