ID CVE-2006-2020
Summary Asterisk Recording Interface (ARI) in Asterisk@Home before 2.8 stores recordings/includes/main.conf under the web document root with insufficient access control, which allows remote attackers to obtain password information.
References
Vulnerable Configurations
  • cpe:2.3:a:asteriskathome:asteriskathome:2.6
CVSS
Base: 7.8 (as of 26-04-2006 - 17:09)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: NONE
Availability: NONE
exploit-db via4
description Asterisk Recording Interface 0.7.15 Audio.PHP Information Disclosure Vulnerability. CVE-2006-2020. Remote exploits for multiple platform
id EDB-ID:27716
last seen 2016-02-03
modified 2006-04-21
published 2006-04-21
reporter Francois Harvey
source https://www.exploit-db.com/download/27716/
title Asterisk Recording Interface 0.7.15 Audio.PHP Information Disclosure Vulnerability
nessus via4
NASL family CGI abuses
NASL id ASTERISK_CONFIG_FILE_DISCLOSURE.NASL
description The remote host is running Asterisk Recording Interface (ARI), a web-based portal for the Asterisk PBX software. The version of ARI installed on the remote host allows an unauthenticated attacker to view its configuration file, which contains sensitive information such as passwords.
last seen 2019-02-21
modified 2018-11-15
plugin id 21303
published 2006-05-03
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=21303
title Asterisk Recording Interface (ARI) includes/main.conf Remote Credential Disclosure
refmap via4
bid 17641
bugtraq 20060421 [SecuriWeb 2006.1] directory traversal in Asterisk@Home and ARI
misc http://www.securiweb.net/wiki/Ressources/AvisDeSecurite/2006.1
osvdb 24805
secunia 19744
vupen ADV-2006-1457
xf asterisk-mail-disclose-information(25993)
Last major update 07-03-2011 - 21:34
Published 25-04-2006 - 16:06
Last modified 18-10-2018 - 12:37