This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Digium First view 2018-09-24
Product Certified Asterisk Last view 2018-09-24
Version 13.21 Type Application
Update cert1  
Edition *  
Language *  
Sofware Edition lts  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:digium:certified_asterisk

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2018-09-24 CVE-2018-17281

There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket.

CWE : Common Weakness Enumeration

%idName
100% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

Nessus® Vulnerability Scanner

id Description
2018-11-26 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201811-11.nasl - Type: ACT_GATHER_INFO
2018-10-17 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4320.nasl - Type: ACT_GATHER_INFO
2018-09-28 Name: The remote Debian host is missing a security update.
File: debian_DLA-1523.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: A telephony application running on the remote host is affected by a remote de...
File: asterisk_ast_2018_009.nasl - Type: ACT_GATHER_INFO
2018-09-24 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_77f67b46bd7511e881b6001999f8d30b.nasl - Type: ACT_GATHER_INFO