CVE-2011-4597
EPSS 0.69%asterisk - several
發布日:2011/12/15修改日:2026/3/9
描述
The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.
受影響套件(2)
- Debian/asteriskfrom 0, < 1:1.8.8.0~dfsg-1
- Debian/asteriskfrom 0, < 1:1.6.2.9-2+squeeze4