Lucene search
Veracode Vulnerability DatabaseVERACODE:35212HistoryApr 22, 2022 - 7:26 p.m.
Server-side Request Forgery (SSRF)
2022-04-2219:26:35
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
stir shaken ssrf localhost
EPSS
0.009
Percentile
82.9%
asterisk is vulnerable to server-side request forgery. When using STIR/SHAKEN, an attacker can send arbitrary requests to the interfaces such as localhost by using the Identity header.
References
packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html
downloads.asterisk.org/pub/security/
downloads.asterisk.org/pub/security/AST-2022-002.html
lists.debian.org/debian-lts-announce/2022/11/msg00021.html
security-tracker.debian.org/tracker/CVE-2022-26499
www.debian.org/security/2022/dsa-5285
Related
osv
osv
CVE-2022-26499
2022-04-15 05:15:06
asterisk - security update
2022-11-17 00:00:00
asterisk - security update
2022-11-17 00:00:00
debiancve
debiancve
CVE-2022-26499
2022-04-15 05:15:06
prion
prion
Server side request forgery (ssrf)
2022-04-15 05:15:00
cve
cve
CVE-2022-26499
2022-04-15 05:15:06
ubuntucve
ubuntucve
CVE-2022-26499
2022-04-15 00:00:00
cvelist
cvelist
CVE-2022-26499
2022-04-15 00:00:00
nvd
nvd
CVE-2022-26499
2022-04-15 05:15:06
alpinelinux
alpinelinux
CVE-2022-26499
2022-04-15 05:15:06
nessus
nessus
FreeBSD : Asterisk -- multiple vulnerabilities (8838abf0-bc47-11ec-b516-0897988a1c07)
2022-04-14 00:00:00
Debian DSA-5285-1 : asterisk - security update
2022-11-18 00:00:00
Debian DLA-3194-1 : asterisk - LTS security update
2022-11-19 00:00:00
openvas
openvas
Asterisk Multiple Vulnerabilities (AST-2022-001, AST-2022-002)
2022-03-08 00:00:00
Debian: Security Advisory (DSA-5285-1)
2022-11-19 00:00:00
Debian: Security Advisory (DLA-3194-1)
2022-11-18 00:00:00
freebsd
freebsd
Asterisk -- multiple vulnerabilities
2022-04-14 00:00:00
debian
debian
[SECURITY] [DSA 5285-1] asterisk security update
2022-11-17 21:42:58
[SECURITY] [DLA 3194-1] asterisk security update
2022-11-17 11:35:25