Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2009-3727 | First vendor Publication | 2009-11-10 |
Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header.
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3727
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
OpenVAS Exploits
Date | Description |
---|---|
2011-03-09 | Name : Gentoo Security Advisory GLSA 201006-20 (asterisk) File : nvt/glsa_201006_20.nasl |
2009-12-30 | Name : Debian Security Advisory DSA 1952-1 (asterisk) File : nvt/deb_1952_1.nasl |
2009-11-10 | Name : Asterisk SIP Response Username Enumeration Remote Information Disclosure Vuln... File : nvt/asterisk_36924.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
59697 | Asterisk SIP REGISTER Response Username Enumeration Weakness: Asterisk contains a flaw that may allow an attacker to determine valid usernames. The issue is triggered when different responses are sent for a valid and an invalid username in 'REGISTER' messages. This can be exploited to determine valid usernames by sending a specially crafted 'REGISTER' message. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-06-04 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201006-20.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1952.nasl - Type : ACT_GATHER_INFO |
2009-11-25 | Name : The remote Fedora host is missing a security update. File : fedora_2009-11070.nasl - Type : ACT_GATHER_INFO |
2009-11-25 | Name : The remote Fedora host is missing a security update. File : fedora_2009-11126.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2024-11-28 23:09:59 | |
2024-11-28 12:20:03 | |
2021-05-04 12:10:21 | |
2021-04-22 01:10:48 | |
2020-05-23 00:24:29 | |
2016-06-28 17:52:23 | |
2016-04-26 19:12:48 | |
2014-02-17 10:52:05 | |
2013-05-10 23:59:49 | |