QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2018-12227

Back to search

CVE-2018-12227

Published: Jun 12, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints.

VendorProductVersions

n/a

n/a

affected
n/a

References

DSA-4320
vendor-advisory
x_refsource_DEBIAN
104455
vdb-entry
x_refsource_BID
GLSA-201811-11
vendor-advisory
x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now
CVE-2018-12227 - Security Vulnerability | QwikSec