This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Summuary | |
|---|---|
| CPE Name | cpe:/a:asterisk:open_source:1.4.16 |
| Detail | |||
|---|---|---|---|
| Vendor | Asterisk | First view | 2008-01-07 |
| Product | Open Source | Last view | 2012-08-31 |
| Version | 1.4.16 | Type | Application |
| Edition | |||
| Language | |||
| Update | |||
| CPE Product | cpe:/a:asterisk:open_source | ||
Activity : Overall
Related : CVE
| Date | Alert | Access Vector | Access Complexity | Authentication | ||
|---|---|---|---|---|---|---|
| 9 | 2012-08-31 | CVE-2012-2186 | Network | Low | Requires ... | |
| 4 | 2012-06-02 | CVE-2012-2948 | Network | Low | Requires ... | |
| 7.8 | 2009-09-08 | CVE-2009-2346 | Network | Low | None Requ... | |
| 7.8 | 2009-08-12 | CVE-2009-2726 | Network | Low | None Requ... | |
| 5 | 2009-01-14 | CVE-2009-0041 | Network | Low | None Requ... | |
| Date | Alert | Access Vector | Access Complexity | Authentication | ||
|---|---|---|---|---|---|---|
| 7.8 | 2008-07-24 | CVE-2008-3264 | Network | Low | None Requ... | |
| 7.1 | 2008-04-23 | CVE-2008-1923 | Network | Medium | None Requ... | |
| 4.3 | 2008-04-23 | CVE-2008-1897 | Network | Medium | None Requ... | |
| 7.5 | 2008-03-24 | CVE-2008-1289 | Network | Low | None Requ... | |
| 8.8 | 2008-03-19 | CVE-2008-1332 | Network | Medium | None Requ... | |
| 5 | 2008-01-07 | CVE-2008-0095 | Network | Low | None Requ... |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 30% (3) | CWE-399 | Resource Management Errors |
| 20% (2) | CWE-287 | Improper Authentication |
| 20% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 10% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 10% (1) | CWE-200 | Information Exposure |
| % | id | Name |
|---|---|---|
| 10% (1) | CWE-16 | Configuration |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-2 | Inducing Account Lockout |
| CAPEC-82 | Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi... |
| CAPEC-99 | XML Parser Attack |
| CAPEC-119 | Resource Depletion |
| CAPEC-121 | Locate and Exploit Test APIs |
| id | Name |
|---|---|
| CAPEC-125 | Resource Depletion through Flooding |
| CAPEC-130 | Resource Depletion through Allocation |
| CAPEC-147 | XML Ping of Death |
| CAPEC-197 | XEE (XML Entity Expansion) |
| CAPEC-227 | Denial of Service through Resource Depletion |
| CAPEC-228 | Resource Depletion through DTD Injection in a SOAP Message |
| CAPEC-229 | XML Attribute Blowup |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:7422 | DSA-1563 asterisk -- programming error |
| oval:org.mitre.oval:def:20041 | DSA-1563-1 asterisk - denial of service |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 57762 | Asterisk IAX2 Call Number Resource Exhaustion Remote DoS |
| 56991 | Asterisk Multiple Function Maximum Width Handling Remote DoS |
| 51373 | Asterisk IAX2 User Account Enumeration Weakness |
| 47254 | Asterisk IAX2 FWDOWNL Request Spoofing Remote DoS |
| 44649 | Asterisk Open Source IAX2 Channel Driver (chan_iax2) Spoofed ACK Response Han... |
| id | Description |
|---|---|
| 44648 | Asterisk IAX2 Channel Driver (chan_iax2) Spoofed NEW Message Remote DoS |
| 43416 | Asterisk RTP Payload Handling Multiple Remote Overflows |
| 43415 | Asterisk SIP Channel Driver Unauthenticated Call Remote Privilege Escalation |
| 39841 | Asterisk BYE/Also Transfer Method DoS |
OpenVAS Exploits
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| id | Description |
|---|---|
| 2012-10-03 | Name : Debian Security Advisory DSA 2550-2 (asterisk) File : nvt/deb_2550_2.nasl |
| 2012-10-03 | Name : Gentoo Security Advisory GLSA 201209-15 (asterisk) File : nvt/glsa_201209_15.nasl |
| 2012-09-23 | Name : Debian Security Advisory DSA 2550-1 (asterisk) File : nvt/deb_2550_1.nasl |
| 2012-09-22 | Name : Fedora Update for asterisk FEDORA-2012-13338 File : nvt/gb_fedora_2012_13338_asterisk_fc17.nasl |
| 2012-09-22 | Name : Fedora Update for asterisk FEDORA-2012-13437 File : nvt/gb_fedora_2012_13437_asterisk_fc16.nasl |
| id | Description |
|---|---|
| 2012-08-30 | Name : FreeBSD Ports: asterisk File : nvt/freebsd_asterisk2.nasl |
| 2012-08-10 | Name : Debian Security Advisory DSA 2493-1 (asterisk) File : nvt/deb_2493_1.nasl |
| 2012-08-10 | Name : FreeBSD Ports: asterisk10 File : nvt/freebsd_asterisk10.nasl |
| 2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-05 (Asterisk) File : nvt/glsa_201206_05.nasl |
| 2012-05-31 | Name : FreeBSD Ports: asterisk16 File : nvt/freebsd_asterisk161.nasl |
| 2011-03-09 | Name : Gentoo Security Advisory GLSA 201006-20 (asterisk) File : nvt/glsa_201006_20.nasl |
| 2009-12-30 | Name : Debian Security Advisory DSA 1952-1 (asterisk) File : nvt/deb_1952_1.nasl |
| 2009-12-14 | Name : Fedora Core 10 FEDORA-2009-12461 (asterisk) File : nvt/fcore_2009_12461.nasl |
| 2009-12-03 | Name : Fedora Core 10 FEDORA-2009-11126 (asterisk) File : nvt/fcore_2009_11126.nasl |
| 2009-09-28 | Name : Fedora Core 10 FEDORA-2009-9374 (asterisk) File : nvt/fcore_2009_9374.nasl |
| 2009-09-28 | Name : Fedora Core 11 FEDORA-2009-9405 (asterisk) File : nvt/fcore_2009_9405.nasl |
| 2009-09-18 | Name : Asterisk IAX2 Call Number Exhaustion DOS Vulnerability (Linux) File : nvt/secpod_asterisk_iax2_call_number_dos_vuln.nasl |
| 2009-09-02 | Name : Asterisk SIP Channel Driver Denial Of Service Vulnerability (Linux) File : nvt/secpod_asterisk_sip_channel_driver_dos_vuln.nasl |
| 2009-05-05 | Name : Gentoo Security Advisory GLSA 200905-01 (asterisk) File : nvt/glsa_200905_01.nasl |
| 2009-02-17 | Name : Fedora Update for asterisk FEDORA-2008-6676 File : nvt/gb_fedora_2008_6676_asterisk_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for asterisk FEDORA-2008-6853 File : nvt/gb_fedora_2008_6853_asterisk_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for asterisk FEDORA-2008-3365 File : nvt/gb_fedora_2008_3365_asterisk_fc7.nasl |
| 2009-02-17 | Name : Fedora Update for asterisk FEDORA-2008-3390 File : nvt/gb_fedora_2008_3390_asterisk_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for asterisk FEDORA-2008-0198 File : nvt/gb_fedora_2008_0198_asterisk_fc7.nasl |
| 2009-02-17 | Name : Fedora Update for asterisk FEDORA-2008-0199 File : nvt/gb_fedora_2008_0199_asterisk_fc8.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2015-03-17 | Digium Asterisk SIP channel driver denial of service attempt RuleID : 33445 - Type : PROTOCOL-VOIP - Revision : 2 |
| 2014-01-10 | Digium Asterisk IAX2 call number denial of service RuleID : 21608 - Type : PROTOCOL-VOIP - Revision : 4 |
| 2014-01-10 | Digium Asterisk Attribute header rtpmap field buffer overflow attempt RuleID : 20392 - Type : PROTOCOL-VOIP - Revision : 10 |
| 2014-01-10 | Digium Asterisk Attribute header rtpmap field buffer overflow attempt RuleID : 20391 - Type : PROTOCOL-VOIP - Revision : 10 |
| 2014-01-10 | Attribute header rtpmap field invalid payload type RuleID : 20390 - Type : PROTOCOL-VOIP - Revision : 9 |
| Date | Description |
|---|---|
| 2014-01-10 | Digium Asterisk IAX2 ack response denial of service attempt RuleID : 16445 - Type : PROTOCOL-VOIP - Revision : 11 |
| 2014-01-10 | CSeq buffer overflow attempt RuleID : 16351 - Type : PROTOCOL-VOIP - Revision : 11 |
| 2014-01-10 | Digium Asterisk SIP sscanf denial of service attempt RuleID : 16212 - Type : DOS - Revision : 2 |
| 2014-01-10 | Digium Asterisk SIP sscanf denial of service attempt RuleID : 16211 - Type : DOS - Revision : 2 |
| 2014-01-10 | Digium Asterisk SIP sscanf denial of service attempt RuleID : 16210 - Type : DOS - Revision : 2 |
| 2014-01-10 | Attribute header rtpmap field invalid payload type RuleID : 13693 - Type : PROTOCOL-VOIP - Revision : 12 |
| 2014-01-10 | CSeq buffer overflow attempt RuleID : 11971 - Type : PROTOCOL-VOIP - Revision : 8 |
Nessus® Vulnerability Scanner
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| id | Description |
|---|---|
| 2012-09-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-15.nasl - Type : ACT_GATHER_INFO |
| 2012-09-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2550.nasl - Type : ACT_GATHER_INFO |
| 2012-09-18 | Name : The remote Fedora host is missing a security update. File : fedora_2012-13286.nasl - Type : ACT_GATHER_INFO |
| 2012-09-18 | Name : The remote Fedora host is missing a security update. File : fedora_2012-13338.nasl - Type : ACT_GATHER_INFO |
| 2012-09-18 | Name : The remote Fedora host is missing a security update. File : fedora_2012-13437.nasl - Type : ACT_GATHER_INFO |
| id | Description |
|---|---|
| 2012-09-06 | Name : A telephony application running on the remote host is affected by a security ... File : asterisk_ast_2012_012.nasl - Type : ACT_GATHER_INFO |
| 2012-08-31 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_4c53f007f2ed11e1a21514dae9ebcf89.nasl - Type : ACT_GATHER_INFO |
| 2012-06-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2493.nasl - Type : ACT_GATHER_INFO |
| 2012-06-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-05.nasl - Type : ACT_GATHER_INFO |
| 2012-06-14 | Name : A telephony application running on the remote host is affected by a denial of... File : asterisk_ast_2012_008.nasl - Type : ACT_GATHER_INFO |
| 2012-05-30 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_359f615da9e111e18a6614dae9ebcf89.nasl - Type : ACT_GATHER_INFO |
| 2010-06-04 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201006-20.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1952.nasl - Type : ACT_GATHER_INFO |
| 2009-09-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-9374.nasl - Type : ACT_GATHER_INFO |
| 2009-09-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-9405.nasl - Type : ACT_GATHER_INFO |
| 2009-09-08 | Name : The remote VoIP service is susceptible to a denial of service attack. File : asterisk_iax2_call_number_dos.nasl - Type : ACT_GATHER_INFO |
| 2009-05-04 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200905-01.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-0984.nasl - Type : ACT_GATHER_INFO |
| 2009-02-13 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-0973.nasl - Type : ACT_GATHER_INFO |
| 2008-08-15 | Name : The remote openSUSE host is missing a security update. File : suse_asterisk-5524.nasl - Type : ACT_GATHER_INFO |
| 2008-07-31 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6853.nasl - Type : ACT_GATHER_INFO |
| 2008-07-24 | Name : The remote VoIP service can be abused to conduct an amplification attack agai... File : asterisk_iax2_spoofed_fwdownl.nasl - Type : ACT_ATTACK |
| 2008-07-24 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6676.nasl - Type : ACT_GATHER_INFO |
| 2008-05-07 | Name : It is possible to bypass authentication and make calls using the remote VoIP ... File : asterisk_sip_auth_bypass.nasl - Type : ACT_ATTACK |
| 2008-05-06 | Name : The remote VoIP service can be abused to conduct an amplification attack agai... File : asterisk_iax2_spoofed_handshake.nasl - Type : ACT_ATTACK |
