Denial of Service Vulnerability in Asterisk Open Source HTTP Server
CVE-2013-2686

Currently unrated

Key Information:

Vendor: Asterisk
Status: Open Source
Vendor: CVE Published:; 1 April 2013

What is CVE-2013-2686?

A vulnerability in the HTTP server of Asterisk Open Source allows remote attackers to conduct stack-consumption attacks through crafted HTTP POST requests. This misconfiguration in handling Content-Length values can lead to server crashes, affecting availability. The issue arises from an inadequate fix for a prior vulnerability (CVE-2012-5976), highlighting the importance of thorough validation in request processing.

References

https://issues.asterisk.org/jira/browse/ASTERISK-20967

x_refsource_CONFIRM

http://telussecuritylabs.com/threats/show/TSL20130327-01

x_refsource_MISC

http://downloads.asterisk.org/pub/security/AST-2013-002.html

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Apr 1, 2013