Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Asterisk SIP信道驱动器信息泄露漏洞
Vulnerability Description
Digium Asterisk是美国Digium公司的一套开源的电话交换机(PBX)系统软件。该软件支持语音信箱、多方语音会议、交互式语音应答(IVR)等。 Asterisk Open Source 1.8.20.2之前的1.8.x版本,10.12.2之前的10.x版本,11.2.2之前的11.x版本;Certified Asterisk 1.8.15-cert2之前的1.8.15版本;Asterisk Business Edition (BE)C.3.8.1之前的C.3.x版本;Asterisk Dig
CVSS Information
N/A
Vulnerability Type
N/A