5

CVE-2007-5469

EPSS 0.81%
Veröffentlicht 16.10.2007 00:17:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

OpenSER 1.2.2 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka "toll fraud and authentication forward attack").  NOTE: Debian disputes this issue, stating that "having the two URIs mismatch is allowed by the standard and happens in some setups for valid reasons.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openser ≫ Openser Version1.2.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.81%	0.737

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066581.html

http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066691.html

http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066694.html

http://www.securityfocus.com/bid/26057

https://exchange.xforce.ibmcloud.com/vulnerabilities/37197

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446956

http://secunia.com/advisories/27204

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2007-5469

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-5469

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-5469

EUVD