- CVEs with nessus.description==According to its SIP banner, the version of Asterisk running on the remote host is affected by the following vulnerabilities :
  - An information disclosure vulnerability, known as BEAST, exists in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the initialization vector (IV) is selected when operating in cipher-block chaining (CBC) modes. A man-in-the-middle attacker can exploit this to obtain plaintext HTTP header data, by using a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API. (CVE-2011-3389)
  - An integer overflow condition exists in sip.conf due to improper validation of user-supplied input when handling 'timert1' values. A remote attacker can exploit this to cause a denial of service.
  - An unspecified flaw exists due to improper handling of FAT data in UDPTL packets. A remote attacker can exploit this to cause a denial of service.

  Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |