5.9

CVE-2018-7287

An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DigiumAsterisk Version15.0.0 Updatebeta1
DigiumAsterisk Version15.0.0 Updaterc1
DigiumAsterisk Version15.1.0
DigiumAsterisk Version15.1.0 Updaterc1
DigiumAsterisk Version15.1.0 Updaterc2
DigiumAsterisk Version15.1.1
DigiumAsterisk Version15.1.2
DigiumAsterisk Version15.1.3
DigiumAsterisk Version15.1.4
DigiumAsterisk Version15.1.5
DigiumAsterisk Version15.2.0
DigiumAsterisk Version15.2.0 Updaterc1
DigiumAsterisk Version15.2.0 Updaterc2
DigiumAsterisk Version15.2.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 33.11% 0.967
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

http://www.securityfocus.com/bid/103120
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040419
Third Party Advisory
VDB Entry