ID CVE-2008-1390
Summary The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.
References
Vulnerable Configurations
  • cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.4.11:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.4.12:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.4.13:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.4.14:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.4.15:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.4.16:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.4.17:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.4.18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.4_beta:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.4_revision_95946:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0-beta7:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0-beta8:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisknow:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisknow:beta_5:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisknow:beta_6:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisknow:beta_7:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:s800i:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:s800i:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:s800i:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:s800i:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:s800i:1.1.0:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 11-10-2018 - 20:33)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 28316
bugtraq 20080318 AST-2008-005: HTTP Manager ID is predictable
confirm http://downloads.digium.com/pub/security/AST-2008-005.html
fedora
  • FEDORA-2008-2554
  • FEDORA-2008-2620
sectrack 1019679
secunia
  • 29449
  • 29470
sreason 3764
xf asterisk-httpmanagerid-weak-security(41304)
Last major update 11-10-2018 - 20:33
Published 24-03-2008 - 17:44
Last modified 11-10-2018 - 20:33