Check Point Reference: | CPAI-2014-1891 |
Date Published: | 29 Oct 2014 |
Severity: | Medium |
Last Updated: | Wednesday 29 October, 2014 |
Source: | Digium AST-2014-007 |
Industry Reference: | CVE-2014-4047 |
Protection Provided by: |
Security Gateway |
Who is Vulnerable? | Asterisk Asterisk Open Source prior to 1.8.28.1 Asterisk Asterisk Open Source prior to 11.10.1 Asterisk Asterisk Open Source prior to 12.3.1 Asterisk Certified Asterisk prior to 1.8.15-cert6 Asterisk Certified Asterisk prior to 11.6-cert3 |
Vulnerability Description | A denial of service vulnerability exists in Digium Asterisk. The vulnerability is due to the way HTTP sessions are being handled. A remote, unauthenticated attacker can exploit this vulnerability by establishing an excessive number of TCP connections to the configured HTTP or HTTPS port. |
SmartView Tracker will log the following entries:
Attack Name: VoIP Enforcement Violation.
Attack Information: Digium Asterisk HTTP Connections Denial of Service