| ID |
CVE-2007-4455
|
| Summary |
The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:asterisk:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:*:*:*:*:*:*:*:*
-
cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:*:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:*:*:*:*:*:*:*:*
-
cpe:2.3:a:asterisk:asterisknow:*:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisknow:*:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 5.0 (as of 29-07-2017 - 01:32) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
NONE |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
| refmap
via4
|
| bid | 25392 | | confirm | http://downloads.digium.com/pub/asa/AST-2007-020.html | | fulldisc | 20070821 AST-2007-020: Resource Exhaustion Vulnerability in Asterisk SIP channel driver | | sectrack | 1018595 | | secunia | 26553 | | sreason | 3047 | | vupen | ADV-2007-2953 | | xf | asterisk-sip-dialoghistory-dos(36145) |
|
| Last major update |
29-07-2017 - 01:32 |
| Published |
22-08-2007 - 01:17 |
| Last modified |
29-07-2017 - 01:32 |
