CVE-2008-1390

The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:1.4.8:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:1.4.9:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:1.4.10:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:1.4.11:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:1.4.12:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:1.4.13:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:1.4.14:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:1.4.15:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:1.4.16:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:1.4.17:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:1.4.18.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:1.4_beta:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:1.4_revision_95946:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:1.6:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.3:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.4:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.5:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.6:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.7:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.8:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:1.4:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0-beta7:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0-beta8:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisknow:1.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisknow:beta_5:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisknow:beta_6:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisknow:beta_7:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:s800i:1.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:s800i:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:s800i:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:s800i:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:s800i:1.1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 00:44

Type Values Removed Values Added
References () http://downloads.digium.com/pub/security/AST-2008-005.html - () http://downloads.digium.com/pub/security/AST-2008-005.html -
References () http://secunia.com/advisories/29449 - Vendor Advisory () http://secunia.com/advisories/29449 - Vendor Advisory
References () http://secunia.com/advisories/29470 - () http://secunia.com/advisories/29470 -
References () http://securityreason.com/securityalert/3764 - () http://securityreason.com/securityalert/3764 -
References () http://www.securityfocus.com/archive/1/489819/100/0/threaded - () http://www.securityfocus.com/archive/1/489819/100/0/threaded -
References () http://www.securityfocus.com/bid/28316 - () http://www.securityfocus.com/bid/28316 -
References () http://www.securitytracker.com/id?1019679 - () http://www.securitytracker.com/id?1019679 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/41304 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/41304 -
References () https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html - () https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html -
References () https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html - () https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html -

Information

Published : 2008-03-24 17:44

Updated : 2024-11-21 00:44


NVD link : CVE-2008-1390

Mitre link : CVE-2008-1390

CVE.ORG link : CVE-2008-1390


JSON object : View

Products Affected

asterisk

  • asterisk_business_edition
  • asterisk
  • asterisk_appliance_developer_kit
  • s800i
  • asterisknow
CWE
CWE-255

Credentials Management Errors