5
CVE-2009-3727
- EPSS 4.2%
- Veröffentlicht 10.11.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:14
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Digium ≫ Asterisknow Version1.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.2% | 0.897 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://secunia.com/advisories/37677
http://www.debian.org/security/2009/dsa-1952
http://secunia.com/advisories/37479
https://bugzilla.redhat.com/show_bug.cgi?id=523277
https://bugzilla.redhat.com/show_bug.cgi?id=533137
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html
http://downloads.asterisk.org/pub/security/AST-2009-008.html
http://osvdb.org/59697
http://secunia.com/advisories/37265
http://www.securityfocus.com/bid/36924
http://www.securitytracker.com/id?1023133