CVE-2014-4047

Name of the Vulnerable Software and Affected Versions Asterisk Open Source versions 1.8.x through 1.8.28.1 Asterisk Open Source versions 11.x through 11.10.1 Asterisk Open Source versions 12.x through 12.3.1 Certified Asterisk version 1.8.15 through 1.8.15-cert6 Certified Asterisk version 11.6 through 11.6-cert3

Description The issue allows remote attackers to cause a denial of service by consuming connections via a large number of inactive or incomplete HTTP connections.

Recommendations For Asterisk Open Source versions 1.8.x through 1.8.28.1, update to version 1.8.28.1 or later. For Asterisk Open Source versions 11.x through 11.10.1, update to version 11.10.1 or later. For Asterisk Open Source versions 12.x through 12.3.1, update to version 12.3.1 or later. For Certified Asterisk version 1.8.15 through 1.8.15-cert6, update to version 1.8.15-cert6 or later. For Certified Asterisk version 11.6 through 11.6-cert3, update to version 11.6-cert3 or later.