CVE-2005-3559

Asterisk 1.0.9-1.2.0-beta1 - Directory Traversal via vmail.cgi Folder Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3559. PoCs published by Adam Pointon.

AI-analyzed exploit summary The exploit describes a directory traversal vulnerability in Asterisk's voicemail CGI script, allowing unauthorized access to voicemail and .wav files. The provided URL demonstrates the attack vector by manipulating the 'folder' parameter.

Description

Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Adam Pointon · textwebappscgi
https://www.exploit-db.com/exploits/26475

The exploit describes a directory traversal vulnerability in Asterisk's voicemail CGI script, allowing unauthorized access to voicemail and .wav files. The provided URL demonstrates the attack vector by manipulating the 'folder' parameter.

Classification
Writeup 80%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Asterisk (version not specified)
No auth needed
Prerequisites: Access to the vulnerable CGI script
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (10)

Core 10
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15336
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19872
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23002
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/415990/30/0/threaded
Exploit, Vendor Advisory x_refsource_misc
http://www.assurance.com.au/advisories/200511-asterisk.txt
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17459
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2346
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2006/dsa-1048
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015164
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/20577

Scores

EPSS 0.2016
EPSS Percentile 97.1%

Details

Status published
Products (33)
digium/asterisk 0.1.0
digium/asterisk 0.1.1
digium/asterisk 0.1.2
digium/asterisk 0.1.3
digium/asterisk 0.1.4
digium/asterisk 0.1.5
digium/asterisk 0.1.6
digium/asterisk 0.1.7
digium/asterisk 0.1.8
digium/asterisk 0.1.9
... and 23 more
Published Nov 16, 2005
Tracked Since Feb 18, 2026