Lucene search

K

Ubuntu.comUB:CVE-2014-2286

HistoryApr 18, 2014 - 12:00 a.m.

CVE-2014-2286

2014-04-1800:00:00

ubuntu.com

ubuntu.com

8

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.599 Medium

EPSS

Percentile

97.8%

main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before
11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before
1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a
denial of service (stack consumption) and possibly execute arbitrary code
via an HTTP request with a large number of Cookie headers.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741313>

References

downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff

downloads.asterisk.org/pub/security/AST-2014-001.html

lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html

lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html

www.mandriva.com/security/advisories?name=MDVSA-2014:078

issues.asterisk.org/jira/browse/ASTERISK-23340

launchpad.net/bugs/cve/CVE-2014-2286

nvd.nist.gov/vuln/detail/CVE-2014-2286

security-tracker.debian.org/tracker/CVE-2014-2286

www.cve.org/CVERecord?id=CVE-2014-2286

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.599 Medium

EPSS

Percentile

97.8%

Related for UB:CVE-2014-2286

checkpoint_advisories1 debiancve1 securityvulns2 cvelist1 cve1 nessus7 seebug1 prion1 nvd1 openvas8 fedora2 mageia2 freebsd1 gentoo1 osv1 debian1