Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 APP:DIGIUM-ASTERISK-COOKIE-OF

Severity

 Major

Recommended

 No

Recommended Action

 Drop

Category

 APP

Keywords

 Digium Asterisk Cookie Stack Overflow

Release Date

 2014/05/08

Update Number

 2372

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: Digium Asterisk Cookie Stack Overflow


This signature detects attempts to exploit a known vulnerability in Digium Asterisk. The vulnerability is due to insufficient validation of Cookie: headers in HTTP requests sent to the HTTP management interface. A remote attacker can exploit this vulnerability to cause a denial-of-service condition.

Extended Description

main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.

Affected Products

  • Digium asterisk 11.8.0
  • Digium asterisk 12.1.0
  • Digium asterisk 1.8.0
  • Digium asterisk 1.8.1
  • Digium asterisk 1.8.10.0
  • Digium asterisk 1.8.10.1
  • Digium asterisk 1.8.1.1
  • Digium asterisk 1.8.11.0
  • Digium asterisk 1.8.11.1
  • Digium asterisk 1.8.12
  • Digium asterisk 1.8.1.2
  • Digium asterisk 1.8.12.0
  • Digium asterisk 1.8.12.1
  • Digium asterisk 1.8.12.2
  • Digium asterisk 1.8.13.0
  • Digium asterisk 1.8.13.1
  • Digium asterisk 1.8.14.0
  • Digium asterisk 1.8.14.1
  • Digium asterisk 1.8.15.0
  • Digium asterisk 1.8.15.1
  • Digium asterisk 1.8.16.0
  • Digium asterisk 1.8.17.0
  • Digium asterisk 1.8.18.0
  • Digium asterisk 1.8.18.1
  • Digium asterisk 1.8.19.0
  • Digium asterisk 1.8.19.1
  • Digium asterisk 1.8.2
  • Digium asterisk 1.8.20.0
  • Digium asterisk 1.8.20.1
  • Digium asterisk 1.8.20.2
  • Digium asterisk 1.8.2.1
  • Digium asterisk 1.8.21.0
  • Digium asterisk 1.8.2.2
  • Digium asterisk 1.8.22.0
  • Digium asterisk 1.8.2.3
  • Digium asterisk 1.8.23.0
  • Digium asterisk 1.8.23.1
  • Digium asterisk 1.8.2.4
  • Digium asterisk 1.8.24.0
  • Digium asterisk 1.8.24.1
  • Digium asterisk 1.8.25.0
  • Digium asterisk 1.8.26.0
  • Digium asterisk 1.8.3
  • Digium asterisk 1.8.3.1
  • Digium asterisk 1.8.3.2
  • Digium asterisk 1.8.3.3
  • Digium asterisk 1.8.4
  • Digium asterisk 1.8.4.1
  • Digium asterisk 1.8.4.2
  • Digium asterisk 1.8.4.3
  • Digium asterisk 1.8.4.4
  • Digium asterisk 1.8.5
  • Digium asterisk 1.8.5.0
  • Digium asterisk 1.8.6.0
  • Digium asterisk 1.8.7.0
  • Digium asterisk 1.8.7.1
  • Digium asterisk 1.8.8.0
  • Digium asterisk 1.8.8.1
  • Digium asterisk 1.8.8.2
  • Digium asterisk 1.8.9.0
  • Digium asterisk 1.8.9.1
  • Digium asterisk 1.8.9.2
  • Digium asterisk 1.8.9.3
  • Digium certified_asterisk 11.6
  • Digium certified_asterisk 11.6.0
  • Digium certified_asterisk 1.8.0.0
  • Digium certified_asterisk 1.8.1.0
  • Digium certified_asterisk 1.8.10.0
  • Digium certified_asterisk 1.8.11.0
  • Digium certified_asterisk 1.8.12.0
  • Digium certified_asterisk 1.8.13.0
  • Digium certified_asterisk 1.8.14.0
  • Digium certified_asterisk 1.8.15
  • Digium certified_asterisk 1.8.2.0
  • Digium certified_asterisk 1.8.3.0
  • Digium certified_asterisk 1.8.4.0
  • Digium certified_asterisk 1.8.5.0
  • Digium certified_asterisk 1.8.6.0
  • Digium certified_asterisk 1.8.7.0
  • Digium certified_asterisk 1.8.8.0
  • Digium certified_asterisk 1.8.9.0
  • Fedoraproject fedora 19
  • Fedoraproject fedora 20

References

  • CVE: CVE-2014-2286

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out