← Back

CVE-2018-7287

nvd nist
Published: Feb 22, 2018Modified: Nov 21, 2024

JSON object

Loading...
5.9
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 / Impact: 3.6
Source: NVD

Description

An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).

Affected (14)

Products: Digium: Asterisk
Digium
1 product
Asterisk
Configuration A
14 vulnerable
Vulnerable SoftwareAffected Versions
Digium
Asterisk
Version 15.0.0 beta1
Asterisk
Version 15.0.0 rc1
Asterisk
Version 15.1.0
Asterisk
Version 15.1.0 rc1
Asterisk
Version 15.1.0 rc2
Asterisk
Version 15.1.1
Asterisk
Version 15.1.2
Asterisk
Version 15.1.3
Asterisk
Version 15.1.4
Asterisk
Version 15.1.5
Asterisk
Version 15.2.0
Asterisk
Version 15.2.0 rc1
Asterisk
Version 15.2.0 rc2
Asterisk
Version 15.2.1

Related CWEs

CWE-754
Improper Check for Unusual or Exceptional Conditions
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (8)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.