ID de Prueba:	1.3.6.1.4.1.25623.1.0.141496
Categoría:	Denial of Service
Título:	Asterisk DoS Vulnerability (AST-2018-009)
Resumen:	Asterisk is prone to a denial of service (DoS) vulnerability.
Descripción:	Summary: Asterisk is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: There is a stack overflow vulnerability in the res_http_websocket.so module of Asterisk that allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket. The attacker's request causes Asterisk to run out of stack space and crash. Affected Software/OS: Asterisk Open Source versions 13.x, 14.x, 15.x and Certified Asterisk version 13.21. Solution: Update to version 13.23.1, 14.7.8, 15.6.1, 13.21-cert3 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-17281 BugTraq ID: 105389 http://www.securityfocus.com/bid/105389 Bugtraq: 20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade (Google Search) https://seclists.org/bugtraq/2018/Sep/53 Debian Security Information: DSA-4320 (Google Search) https://www.debian.org/security/2018/dsa-4320 http://seclists.org/fulldisclosure/2018/Sep/31 https://security.gentoo.org/glsa/201811-11 http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html https://lists.debian.org/debian-lts-announce/2018/09/msg00034.html http://www.securitytracker.com/id/1041694
Copyright	Copyright (C) 2018 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.