Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	HTTP:DOS:WEBSOCKET-0PAYLOAD
Severity	Major
Recommended	Yes
Recommended Action	Drop
Category	HTTP
Keywords	Digium Asterisk WebSocket Frame Empty Payload Denial of Service
Release Date	2018/05/01
Update Number	3061
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Digium Asterisk WebSocket Frame Empty Payload Denial of Service

This signature detects attempts to exploit a known vulnerability against Digium Asterisk. A successful attack can result in a denial-of-service condition.

Extended Description

An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).

Affected Products

Digium asterisk 15.0.0
Digium asterisk 15.1.0
Digium asterisk 15.1.1
Digium asterisk 15.1.2
Digium asterisk 15.1.3
Digium asterisk 15.1.4
Digium asterisk 15.1.5
Digium asterisk 15.2.0
Digium asterisk 15.2.1

References

BugTraq: 103120
CVE: CVE-2018-7287

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Digium Asterisk WebSocket Frame Empty Payload Denial of Service

Extended Description

Affected Products

References