This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Digium First view 2007-07-31
Product Asterisk Appliance Developer Kit Last view 2007-07-31
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:digium:asterisk_appliance_developer_kit:0.5.0:*:*:*:*:*:*:* 1
cpe:2.3:a:digium:asterisk_appliance_developer_kit:*:*:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
7.5 2007-07-31 CVE-2007-4103

The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released.

CWE : Common Weakness Enumeration

%idName
100% (1) CWE-772 Missing Release of Resource after Effective Lifetime

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-2 Inducing Account Lockout
CAPEC-82 Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi...
CAPEC-147 XML Ping of Death
CAPEC-228 Resource Depletion through DTD Injection in a SOAP Message

Open Source Vulnerability Database (OSVDB)

id Description
38197 Asterisk IAX2 Channel Driver (chan_iax2) Incomplete Connection Saturation Rem...

OpenVAS Exploits

id Description
2008-09-24 Name : Gentoo Security Advisory GLSA 200802-11 (asterisk)
File : nvt/glsa_200802_11.nasl

Nessus® Vulnerability Scanner

id Description
2008-02-27 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200802-11.nasl - Type: ACT_GATHER_INFO