Executive Summary

Information
Name : CVE-2011-4597
First vendor Publication : 2011-12-14
Vendor : Cve
Last vendor Modification : 2012-11-06

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score : 5
Attack Range : Network
Cvss Impact Score : 2.9
Attack Complexity : Low
Cvss Exploit Score : 10
Authentication : None Required

Detail

The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4597

CWE : Common Weakness Enumeration

% : 100 %
id : CWE-200
Name : Information Exposure

CPE : Common Platform Enumeration

Type : Application
Count : 208

OpenVAS Exploits

Date : 2012-04-02
Name : Fedora Update for asterisk FEDORA-2012-4259
File : nvt/gb_fedora_2012_4259_asterisk_fc15.nasl

Date : 2012-02-11
Name : Debian Security Advisory DSA 2367-1 (asterisk)
File : nvt/deb_2367_1.nasl

Date : 0000-00-00
Name : FreeBSD Ports: asterisk18
File : nvt/freebsd_asterisk180.nasl

Open Source Vulnerability Database (OSVDB)

id : 77597
Description : Asterisk Request Response Port SIP Peer Enumeration

Nessus® Vulnerability Scanner

Date : 2012-04-02
Name : The remote Fedora host is missing a security update.
File : fedora_2012-4259.nasl - Type : ACT_GATHER_INFO

Date : 2012-01-12
Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2367.nasl - Type : ACT_GATHER_INFO

Date : 2011-12-14
Name : A telephony application running on the remote host is affected by multiple vu...
File : asterisk_ast_2011_014.nasl - Type : ACT_GATHER_INFO

Date : 2011-12-09
Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_bb38913721fb11e189b4001ec9578670.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source : Url
BUGTRAQ : http://archives.neohapsis.com/archives/bugtraq/2011-12/0151.html
CONFIRM : http://downloads.asterisk.org/pub/security/AST-2011-013.html
DEBIAN : http://www.debian.org/security/2011/dsa-2367
MLIST : http://lists.digium.com/pipermail/asterisk-dev/2011-November/052191.html
MLIST : http://openwall.com/lists/oss-security/2011/12/09/3
MLIST : http://openwall.com/lists/oss-security/2011/12/09/4

Alert History

Date : 2016-06-28 18:54:47
Information : Multiple Updates

Date : 2016-04-26 21:15:34
Information : Multiple Updates

Date : 2014-02-17 11:06:24
Information : Multiple Updates

Date : 2013-05-10 23:11:03
Information : Multiple Updates