Test Kennung:	1.3.6.1.4.1.25623.1.0.141496
Kategorie:	Denial of Service
Titel:	Asterisk DoS Vulnerability (AST-2018-009)
Zusammenfassung:	Asterisk is prone to a denial of service (DoS) vulnerability.
Beschreibung:	Summary: Asterisk is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: There is a stack overflow vulnerability in the res_http_websocket.so module of Asterisk that allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket. The attacker's request causes Asterisk to run out of stack space and crash. Affected Software/OS: Asterisk Open Source versions 13.x, 14.x, 15.x and Certified Asterisk version 13.21. Solution: Update to version 13.23.1, 14.7.8, 15.6.1, 13.21-cert3 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2018-17281 BugTraq ID: 105389 http://www.securityfocus.com/bid/105389 Bugtraq: 20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade (Google Search) https://seclists.org/bugtraq/2018/Sep/53 Debian Security Information: DSA-4320 (Google Search) https://www.debian.org/security/2018/dsa-4320 http://seclists.org/fulldisclosure/2018/Sep/31 https://security.gentoo.org/glsa/201811-11 http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html https://lists.debian.org/debian-lts-announce/2018/09/msg00034.html http://www.securitytracker.com/id/1041694
Copyright	Copyright (C) 2018 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.