CVE-2008-1390
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.
El servidor AsteriskGUI HTTP en Asterisk Open Source 1.4.x antes de 1.4.19-rc3 y 1.6.x antes de 1.6.0-beta6, Business Edition C.x.x antes de C.1.6, AsteriskNOW antes de 1.0.2, Appliance Developer Kit antes de la revisión 104704 y s800i 1.0.x antes de 1.1.0.2 genera valores ID de gestión no lo suficientemente aleatorios, lo que facilita a atacantes remotos secuestrar una sesión de gestión a través de una serie de adivinaciones de ID.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-03-18 CVE Reserved
- 2008-03-19 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-255: Credentials Management Errors
CAPEC
References (10)
URL | Tag | Source |
---|---|---|
http://downloads.digium.com/pub/security/AST-2008-005.html | X_refsource_confirm | |
http://secunia.com/advisories/29470 | Third Party Advisory | |
http://securityreason.com/securityalert/3764 | Third Party Advisory | |
http://www.securityfocus.com/archive/1/489819/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/28316 | Vdb Entry | |
http://www.securitytracker.com/id?1019679 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/41304 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Asterisk Search vendor "Asterisk" | Asterisk Search vendor "Asterisk" for product "Asterisk" | 1.4.1 Search vendor "Asterisk" for product "Asterisk" and version "1.4.1" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Search vendor "Asterisk" for product "Asterisk" | 1.4.2 Search vendor "Asterisk" for product "Asterisk" and version "1.4.2" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Search vendor "Asterisk" for product "Asterisk" | 1.4.3 Search vendor "Asterisk" for product "Asterisk" and version "1.4.3" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Search vendor "Asterisk" for product "Asterisk" | 1.4.4 Search vendor "Asterisk" for product "Asterisk" and version "1.4.4" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Search vendor "Asterisk" for product "Asterisk" | 1.4.5 Search vendor "Asterisk" for product "Asterisk" and version "1.4.5" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Search vendor "Asterisk" for product "Asterisk" | 1.4.6 Search vendor "Asterisk" for product "Asterisk" and version "1.4.6" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Search vendor "Asterisk" for product "Asterisk" | 1.4.7 Search vendor "Asterisk" for product "Asterisk" and version "1.4.7" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Search vendor "Asterisk" for product "Asterisk" | 1.4.8 Search vendor "Asterisk" for product "Asterisk" and version "1.4.8" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Search vendor "Asterisk" for product "Asterisk" | 1.4.9 Search vendor "Asterisk" for product "Asterisk" and version "1.4.9" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Search vendor "Asterisk" for product "Asterisk" | 1.4.10 Search vendor "Asterisk" for product "Asterisk" and version "1.4.10" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Search vendor "Asterisk" for product "Asterisk" | 1.4.11 Search vendor "Asterisk" for product "Asterisk" and version "1.4.11" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Search vendor "Asterisk" for product "Asterisk" | 1.4.12 Search vendor "Asterisk" for product "Asterisk" and version "1.4.12" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Search vendor "Asterisk" for product "Asterisk" | 1.4.13 Search vendor "Asterisk" for product "Asterisk" and version "1.4.13" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Search vendor "Asterisk" for product "Asterisk" | 1.4.14 Search vendor "Asterisk" for product "Asterisk" and version "1.4.14" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Search vendor "Asterisk" for product "Asterisk" | 1.4.15 Search vendor "Asterisk" for product "Asterisk" and version "1.4.15" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Search vendor "Asterisk" for product "Asterisk" | 1.4.16 Search vendor "Asterisk" for product "Asterisk" and version "1.4.16" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Search vendor "Asterisk" for product "Asterisk" | 1.4.17 Search vendor "Asterisk" for product "Asterisk" and version "1.4.17" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Search vendor "Asterisk" for product "Asterisk" | 1.4.18.1 Search vendor "Asterisk" for product "Asterisk" and version "1.4.18.1" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Search vendor "Asterisk" for product "Asterisk" | 1.4_beta Search vendor "Asterisk" for product "Asterisk" and version "1.4_beta" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Search vendor "Asterisk" for product "Asterisk" | 1.4_revision_95946 Search vendor "Asterisk" for product "Asterisk" and version "1.4_revision_95946" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Search vendor "Asterisk" for product "Asterisk" | 1.6 Search vendor "Asterisk" for product "Asterisk" and version "1.6" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Appliance Developer Kit Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit" | 0.2 Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit" and version "0.2" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Appliance Developer Kit Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit" | 0.3 Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit" and version "0.3" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Appliance Developer Kit Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit" | 0.4 Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit" and version "0.4" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Appliance Developer Kit Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit" | 0.5 Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit" and version "0.5" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Appliance Developer Kit Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit" | 0.6 Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit" and version "0.6" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Appliance Developer Kit Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit" | 0.7 Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit" and version "0.7" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Appliance Developer Kit Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit" | 0.8 Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit" and version "0.8" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Appliance Developer Kit Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit" | 1.4 Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit" and version "1.4" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Business Edition Search vendor "Asterisk" for product "Asterisk Business Edition" | c.1.0-beta7 Search vendor "Asterisk" for product "Asterisk Business Edition" and version "c.1.0-beta7" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisk Business Edition Search vendor "Asterisk" for product "Asterisk Business Edition" | c.1.0-beta8 Search vendor "Asterisk" for product "Asterisk Business Edition" and version "c.1.0-beta8" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisknow Search vendor "Asterisk" for product "Asterisknow" | 1.0 Search vendor "Asterisk" for product "Asterisknow" and version "1.0" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisknow Search vendor "Asterisk" for product "Asterisknow" | beta_5 Search vendor "Asterisk" for product "Asterisknow" and version "beta_5" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisknow Search vendor "Asterisk" for product "Asterisknow" | beta_6 Search vendor "Asterisk" for product "Asterisknow" and version "beta_6" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Asterisknow Search vendor "Asterisk" for product "Asterisknow" | beta_7 Search vendor "Asterisk" for product "Asterisknow" and version "beta_7" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | S800i Search vendor "Asterisk" for product "S800i" | 1.0 Search vendor "Asterisk" for product "S800i" and version "1.0" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | S800i Search vendor "Asterisk" for product "S800i" | 1.0.1 Search vendor "Asterisk" for product "S800i" and version "1.0.1" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | S800i Search vendor "Asterisk" for product "S800i" | 1.0.2 Search vendor "Asterisk" for product "S800i" and version "1.0.2" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | S800i Search vendor "Asterisk" for product "S800i" | 1.0.3 Search vendor "Asterisk" for product "S800i" and version "1.0.3" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | S800i Search vendor "Asterisk" for product "S800i" | 1.1.0 Search vendor "Asterisk" for product "S800i" and version "1.1.0" | - |
Affected
|