Lucene search
PRIOn knowledge basePRION:CVE-2014-2288HistoryApr 18, 2014 - 10:14 p.m.
Cross site request forgery (csrf)
2014-04-1822:14:00
PRIOn knowledge base
www.prio-n.com
7
The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency “is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request,” allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request.
| CPE | Name | Operator | Version |
|---|---|---|---|
| asterisk | eq | 12.0.0 | |
| asterisk | eq | 12.1.0 rc3 | |
| asterisk | eq | 12.1.0 rc1 | |
| asterisk | eq | 12.1.0 | |
| asterisk | eq | 12.1.0 rc2 |
References
downloads.asterisk.org/pub/security/AST-2014-003-12.diff
downloads.asterisk.org/pub/security/AST-2014-003.html
issues.asterisk.org/jira/browse/ASTERISK-23210
lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html
lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html
Related
nvd
nvd
CVE-2014-2288
2014-04-18 22:14:38
nessus
nessus
Asterisk PJSIP Channel Driver Options DoS (AST-2014-003)
2014-03-14 00:00:00
FreeBSD : asterisk -- multiple vulnerabilities (03159886-a8a3-11e3-8f36-0025905a4771)
2014-03-12 00:00:00
Fedora 20 : asterisk-11.8.1-1.fc20 (2014-3762)
2014-03-22 00:00:00
cvelist
cvelist
CVE-2014-2288
2014-04-18 19:00:00
ubuntucve
ubuntucve
CVE-2014-2288
2014-04-18 00:00:00
cve
cve
CVE-2014-2288
2014-04-18 22:14:38
securityvulns
securityvulns
AST-2014-003: Remote Crash Vulnerability in PJSIP channel driver
2014-03-13 00:00:00
Asterisk multiple security vulnerabilities
2014-03-13 00:00:00
debiancve
debiancve
CVE-2014-2288
2014-04-18 22:14:38
freebsd
freebsd
asterisk -- multiple vulnerabilities
2014-03-10 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201405-05
2015-09-29 00:00:00
gentoo
gentoo
Asterisk: Denial of service
2014-05-03 00:00:00