PT-2018-18001 · Sangoma · Asterisk

Sean Bright

Published

2018-02-22

Updated

2019-10-03

CVE-2018-7287

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Asterisk versions 15.x through 15.2.1

Description An issue in the res http websocket.c file causes the Asterisk system to mishandle WebSocket payloads of size 0, resulting in a busy loop when the HTTP server is enabled.

Recommendations For Asterisk versions 15.x through 15.2.1, consider disabling the HTTP server as a temporary workaround to minimize the risk of exploitation.

Fix

Improper Check for Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-754

Related Identifiers

CVE-2018-7287

Affected Products

Asterisk

PT-2018-18001 · Sangoma · Asterisk

CVE-2018-7287

Weakness Enumeration

Related Identifiers

Affected Products

References · 7