CVE-2018-7287
MEDIUMAsterisk 15.x-15.2.1 - Denial of Service via WebSocket Payload
Title source: llmDescription
An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040419
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103120
Vendor Advisory x_refsource_confirm
https://issues.asterisk.org/jira/browse/ASTERISK-27658
Vendor Advisory x_refsource_confirm
http://downloads.digium.com/pub/security/AST-2018-006.html
Scores
CVSS v3
5.9
EPSS
0.1190
EPSS Percentile
95.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-754
Status
published
Products (9)
digium/asterisk
15.0.0 beta1 (2 CPE variants)
digium/asterisk
15.1.0 (3 CPE variants)
digium/asterisk
15.1.1
digium/asterisk
15.1.2
digium/asterisk
15.1.3
digium/asterisk
15.1.4
digium/asterisk
15.1.5
digium/asterisk
15.2.0 (3 CPE variants)
digium/asterisk
15.2.1
Published
Feb 22, 2018
Tracked Since
Feb 18, 2026