CVE-2009-3727

NONECVSS 0.0

0.0

Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header.

🔗 References (24)

secalert@redhathttp://downloads.asterisk.org/pub/security/AST-2009-008.html
secalert@redhathttp://osvdb.org/59697
secalert@redhathttp://secunia.com/advisories/37265
secalert@redhathttp://secunia.com/advisories/37479
secalert@redhathttp://secunia.com/advisories/37677
secalert@redhathttp://www.debian.org/security/2009/dsa-1952
secalert@redhathttp://www.securityfocus.com/bid/36924
secalert@redhathttp://www.securitytracker.com/id?1023133
secalert@redhathttps://bugzilla.redhat.com/show_bug.cgi?id=523277
secalert@redhathttps://bugzilla.redhat.com/show_bug.cgi?id=533137
secalert@redhathttps://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html
secalert@redhathttps://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html
af854a3a-2127-422b-91ae-364da2661108http://downloads.asterisk.org/pub/security/AST-2009-008.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/59697
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37265

Is Your Infrastructure Affected by CVE-2009-3727?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2009-3727

📅 Published

🔄 Last Modified

🔗 References (24)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2009-3727?