{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-01-08T00:00:00", "descriptions": [{"lang": "en", "value": "IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-200905-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"}, {"name": "20090108 AST-2009-001: Information leak in IAX2 authentication", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/499884/100/0/threaded"}, {"name": "33453", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33453"}, {"name": "4910", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4910"}, {"name": "33174", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33174"}, {"name": "37677", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37677"}, {"name": "DSA-1952", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2009/dsa-1952"}, {"name": "1021549", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021549"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://downloads.digium.com/pub/security/AST-2009-001.html"}, {"name": "ADV-2009-0063", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/0063"}, {"name": "34982", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34982"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0041", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-200905-01", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"}, {"name": "20090108 AST-2009-001: Information leak in IAX2 authentication", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/499884/100/0/threaded"}, {"name": "33453", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33453"}, {"name": "4910", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4910"}, {"name": "33174", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33174"}, {"name": "37677", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37677"}, {"name": "DSA-1952", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1952"}, {"name": "1021549", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021549"}, {"name": "http://downloads.digium.com/pub/security/AST-2009-001.html", "refsource": "CONFIRM", "url": "http://downloads.digium.com/pub/security/AST-2009-001.html"}, {"name": "ADV-2009-0063", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0063"}, {"name": "34982", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34982"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:17:10.507Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-200905-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"}, {"name": "20090108 AST-2009-001: Information leak in IAX2 authentication", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/499884/100/0/threaded"}, {"name": "33453", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33453"}, {"name": "4910", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4910"}, {"name": "33174", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/33174"}, {"name": "37677", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37677"}, {"name": "DSA-1952", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2009/dsa-1952"}, {"name": "1021549", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1021549"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://downloads.digium.com/pub/security/AST-2009-001.html"}, {"name": "ADV-2009-0063", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/0063"}, {"name": "34982", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34982"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0041", "datePublished": "2009-01-14T23:00:00", "dateReserved": "2009-01-06T00:00:00", "dateUpdated": "2024-08-07T04:17:10.507Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:*:*:*:*:*:*:*:*", "matchCriteriaId": "24A5B8FE-5EB4-4EFD-957D-D0B7AADC55E5", "versionEndIncluding": "b.2.5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:*:beta8:*:*:*:*:*:*", "matchCriteriaId": "5E583AB0-6127-4C34-B6C6-1837F5D0C2D6", "versionEndIncluding": "c.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:a:*:*:*:*:*:*:*", "matchCriteriaId": "313B3A38-8DEA-4D62-A1A4-0B6011E81870", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "802F8680-AB38-41AF-BFC8-F6927F6B1626", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BCAE8D90-B032-4C60-B487-BE655D00FFAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "AB64A872-B7B8-46A8-81E4-49EDAC160531", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "21000270-C9B9-430C-A252-763887A15835", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "12F7CF45-5482-4947-8F1D-48C746987475", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "7B64995D-7892-49AB-A89D-A5D15615C5D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "0397DBD4-EA00-444A-9008-4932F99DF325", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "6FCD865F-BC39-4255-A797-6E5945773337", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "BB3C2CF4-4A4B-4398-92DC-EAE43801D08A", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "D7203093-7209-4184-92CB-08AD73FAC379", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E4956871-4DD3-4299-8BEB-9D98A4449A42", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "F796D547-034A-46FB-B245-3863C198AA84", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "0F04F844-79C4-41F3-9671-8B46460D0AAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "F981A428-E7F3-4DE5-91DC-60A1C5C6C6EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC6254A9-FDE8-4167-9B8F-BA387A813DCC", "versionEndIncluding": "1.2.30.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:*:rc3:*:*:*:*:*:*", "matchCriteriaId": "FD73983B-7A1A-4016-B5D6-EA1019CC8D35", "versionEndIncluding": "1.4.23", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:*:rc1:*:*:*:*:*:*", "matchCriteriaId": "8E0B464C-075E-4B62-B00A-53AA2613B619", "versionEndIncluding": "1.6.0.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "9F7971E1-F136-4ADC-95EC-BC4F92E838CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "E62D108C-862D-4BDB-BE37-285AA4C9C59A", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "CF1422F3-829D-498C-83A6-02989DFB70A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "CBEB9D69-A404-4053-92F9-CAC3481AFF1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E816CCDB-4169-4F09-AE87-E467F4BE7685", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.0beta1:*:*:*:*:*:*:*", "matchCriteriaId": "7435F043-F92B-4635-93CC-A2C39AAE1BCA", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.0beta2:*:*:*:*:*:*:*", "matchCriteriaId": "C7B2F43B-8B69-4BF6-86B7-A225175FF068", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "27202966-2C41-4964-9497-1887D2A834C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1471B5A2-15BE-4E7C-BA49-2E6002F7C8EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.2:netsec:*:*:*:*:*:*", "matchCriteriaId": "65223182-1675-462C-AF67-4A48760A63F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "7108D72F-5AFD-4EEF-B2A9-CA4FA792E193", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.3:netsec:*:*:*:*:*:*", "matchCriteriaId": "DC7EB4CD-6436-4E0B-A620-9DF2AC8A3C66", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "9E79CCE5-C29B-4726-8D2F-BC20F70959BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.10:netsec:*:*:*:*:*:*", "matchCriteriaId": "0CF6584D-A7BB-4BD5-8232-9293FEE4A971", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "F29C13DB-6F04-4B41-90A2-2408D70F3641", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.11:netsec:*:*:*:*:*:*", "matchCriteriaId": "174D6B56-7D0F-46F0-849A-FD05CB348FAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "0F4F734E-0E78-4957-B323-8E9FBA7FF15C", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.12:netsec:*:*:*:*:*:*", "matchCriteriaId": "938F545A-F8A7-455E-8E5A-2B5454B6CE53", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A4B117B-E945-4033-A79D-10DFAA3DF18B", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.12.1:netsec:*:*:*:*:*:*", "matchCriteriaId": "E7C0897A-C841-4AAB-A6B3-1FCF7A99A60A", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "EA6D866F-8189-4FFD-AA24-47C0A015C246", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.13:netsec:*:*:*:*:*:*", "matchCriteriaId": "B2BAA1B3-7DD3-4248-915D-2BCC0ACFA2C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "A4EBFB79-C269-4132-BFAB-451F66CE8289", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.14:netsec:*:*:*:*:*:*", "matchCriteriaId": "21612C17-7368-4108-B55B-5AB5CA6733E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "E9E1028E-2C07-4BA3-B891-FA853A87B280", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.15:netsec:*:*:*:*:*:*", "matchCriteriaId": "8A0D57D7-15AD-4CDF-A5A7-AB83F8E6154E", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "9E74F577-70BD-4FAF-BCFD-10CD21FC5601", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.16:netsec:*:*:*:*:*:*", "matchCriteriaId": "06DB25C8-4EA5-465F-8EFA-BCA8D40F1795", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "57BB03E2-E61C-4A94-82DF-8720698CE271", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.17:netsec:*:*:*:*:*:*", "matchCriteriaId": "A149F8C2-3DA5-44B2-A288-3482F3975824", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "1B30A36F-5CE6-4246-8752-176FB5999C1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.18:netsec:*:*:*:*:*:*", "matchCriteriaId": "9462B320-B69D-409D-8DCC-D8D6CA1A757D", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.19:*:*:*:*:*:*:*", "matchCriteriaId": "E0F76DFD-4DAC-4B02-8967-B242CDEEF6C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.19:netsec:*:*:*:*:*:*", "matchCriteriaId": "ECCCBAE9-8FD4-43F0-9EF8-56E9BBA3D8C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "6A59BC20-3217-4584-9196-D1CD9E0D6B52", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.20:netsec:*:*:*:*:*:*", "matchCriteriaId": "BEA0014A-659B-4533-A393-6D4ADC80EB0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.21:*:*:*:*:*:*:*", "matchCriteriaId": "56F728BA-FC9E-4EEE-9A08-C9C7433BD8D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.21:netsec:*:*:*:*:*:*", "matchCriteriaId": "8F1621F9-7C84-4CF0-BBCD-CEAEE8683BAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.21.1:*:*:*:*:*:*:*", "matchCriteriaId": "3C64DF29-5B3D-401E-885E-8E37FD577254", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.21.1:netsec:*:*:*:*:*:*", "matchCriteriaId": "346C9F65-B5FB-4A75-8E1B-137112F270D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.22:*:*:*:*:*:*:*", "matchCriteriaId": "1A7BF52A-2FF8-40ED-B757-28A1101DE8F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.22:netsec:*:*:*:*:*:*", "matchCriteriaId": "7EFEE380-0C64-4413-AF3A-45ABC8833500", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.23:*:*:*:*:*:*:*", "matchCriteriaId": "7A321C2D-852B-4498-ADD6-79956410AB94", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.23:netsec:*:*:*:*:*:*", "matchCriteriaId": "8CA18FC6-1480-400E-A885-8CDAE45AA7A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.24:*:*:*:*:*:*:*", "matchCriteriaId": "9D5F0DCF-C6A2-4A09-90C9-D70F174FDEF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.24:netsec:*:*:*:*:*:*", "matchCriteriaId": "93741261-378B-4C02-8D68-0E5F39128375", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.25:*:*:*:*:*:*:*", "matchCriteriaId": "C820538E-14EC-43C1-80DB-6AAE4905EF0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.25:netsec:*:*:*:*:*:*", "matchCriteriaId": "07CF9DD6-B624-49F0-A8E4-7EBCE7932BEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.26:*:*:*:*:*:*:*", "matchCriteriaId": "E9562112-2505-4F78-86DE-F30EFAEE47D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.26:netsec:*:*:*:*:*:*", "matchCriteriaId": "9EEA1E9C-C1FB-4EFD-86EA-DCF78C57FC35", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.26.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A6D8FD0-C8C1-4868-9AF1-96B1949C18AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.26.1:netsec:*:*:*:*:*:*", "matchCriteriaId": "5E20FAF7-9031-478E-A89C-D6FB3B5FDE3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.26.2:*:*:*:*:*:*:*", "matchCriteriaId": "72A840B4-216B-4063-997F-791FBC8C8658", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.26.2:netsec:*:*:*:*:*:*", "matchCriteriaId": "72375576-F857-4585-A677-A326D89A65B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.27:*:*:*:*:*:*:*", "matchCriteriaId": "BE47A547-26E7-48F9-B0A6-2F65E04A1EDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.28:*:*:*:*:*:*:*", "matchCriteriaId": "E1AEB744-FCF2-4A41-8866-9D1D20E6C6B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.29:*:*:*:*:*:*:*", "matchCriteriaId": "51E5EB34-30AD-4E81-8BD4-4AB905E52B82", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.30:*:*:*:*:*:*:*", "matchCriteriaId": "4359322B-08D0-4710-A9C3-54BD4A17B800", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.30.2:*:*:*:*:*:*:*", "matchCriteriaId": "78F84DF4-DBA7-430C-AF17-F52024EF80D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.2.30.3:*:*:*:*:*:*:*", "matchCriteriaId": "34266614-3588-485C-A609-37823F8499AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "967DF432-DEF4-4FA2-8C8D-19A7FB663A33", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "40850BF4-E252-4667-9B46-9B6FEF6E997D", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "1BB01DD1-B29B-4210-88CC-9ADB3148A410", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "5C0FA6A3-BFA9-4397-B75B-75C8357C36B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "295D4042-2D3C-481B-B969-2DDAC1161198", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "99E9EE2A-56AD-42BC-8CB0-D34091849B0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "96877A3E-B54B-4F31-B281-76CDC98B2D02", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "6D0B4503-42A6-4D88-954E-A662E91EC204", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4B73813-BCD8-429E-B9B9-D6665E026BC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BBA3ECC-4F40-41CD-A6D7-BBD680DDBACC", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "9CBE2156-AF86-4C72-B33D-3FF83930F828", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "61408884-FBBF-4D94-A552-F99AB46DCED6", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "4A527277-D97D-4B74-906F-7481BDBD96D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "D8B57A32-7B83-4783-A244-C26301970444", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "044FD0D0-FC92-4A01-B0D4-11A703EF21FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "3477EC1A-9634-492C-B052-35770A9C9F4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "1C90F104-FA2C-4091-B149-1774AC982C0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "C9328768-7C08-4143-B5F8-F5C2D735D21A", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "6C04E2B3-094B-4828-A2FC-BB66244A9F73", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "4BDE3D31-4BB2-45A3-B085-8C91152A3152", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "CE0107D4-395E-45F1-B963-7618CCC007D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "53B8E11B-4984-45A8-A107-D276205988B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "2495DB98-F923-4E60-86EC-2DBB7A98C90C", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "E186D125-996E-4900-A2B8-5CDC8B5D5136", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.16.2:*:*:*:*:*:*:*", "matchCriteriaId": "27DC6CF7-4DF8-4472-A684-8CCB5E26FCFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "88576385-EF03-408B-9775-B52E6AFFE48A", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "1A838577-2BA1-4792-8B69-6FB07FFD7727", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "CDEED3E1-13E0-46E6-8AAB-D24D2D04AE4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.19:*:*:*:*:*:*:*", "matchCriteriaId": "ED2BF36F-CF10-4F24-970B-3D0BB7561C81", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "BFC1BB05-15C6-4829-86EB-5B1BFA4B5B17", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "AB77E88B-7233-4979-914E-24E671C1FB23", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "C4FF0F09-0268-480F-A2F3-6F8C3F323EEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "1CCF9CAE-674A-4833-9D5C-FCBD865BE9F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "FB1593E1-BF21-4DB9-A18E-9F221F3F9022", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "EC8E9FE3-FA25-4054-876E-4A3CE6E71AFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "4BBAEADC-D1DE-46EF-808C-2F6D2A74D988", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.20:rc1:*:*:*:*:*:*", "matchCriteriaId": "AEF8EB4B-2947-4BD3-ADF3-345AEFE85B05", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.20:rc2:*:*:*:*:*:*", "matchCriteriaId": "E4476FB3-A759-49F5-ABDE-6D2A321B61BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.20:rc3:*:*:*:*:*:*", "matchCriteriaId": "DFC109C3-2F52-48BE-B07E-3D65F31C1012", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.21:*:*:*:*:*:*:*", "matchCriteriaId": "E54101A9-3967-4111-8A03-DA1BB23141BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.21:rc1:*:*:*:*:*:*", "matchCriteriaId": "D8B00600-1D45-41F7-9A10-97FB39012FDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.21:rc2:*:*:*:*:*:*", "matchCriteriaId": "D8CB2331-0F95-45E0-AF5B-0B9C74C5BA88", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.21.1:*:*:*:*:*:*:*", "matchCriteriaId": "D4ADB6A7-76AC-4AE3-B1AA-9F8DFA635418", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.21.2:*:*:*:*:*:*:*", "matchCriteriaId": "776BC35C-CF37-4F4E-9FD5-EC351D4C2C2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.22:*:*:*:*:*:*:*", "matchCriteriaId": "F10DAABC-FF06-44FB-98EC-B6AD17C03FBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.22:rc3:*:*:*:*:*:*", "matchCriteriaId": "ACA8AFD5-4C7C-4876-93CA-C5B3E881C455", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.22:rc4:*:*:*:*:*:*", "matchCriteriaId": "547EEB2B-2ECA-4B00-83BB-CFAA11BE0145", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "83829E0F-C24B-4BD6-88EA-98898A9AD86E", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.22.2:*:*:*:*:*:*:*", "matchCriteriaId": "D4C19141-823E-4057-A699-FD1DFF92DF38", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.23:*:*:*:*:*:*:*", "matchCriteriaId": "ECE7FE41-E749-49B8-99DF-19F9E7C4827A", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.23:rc1:*:*:*:*:*:*", "matchCriteriaId": "4E78234B-39B6-4DB4-A10F-AA55F174D4F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4.23:rc2:*:*:*:*:*:*", "matchCriteriaId": "3984CF42-2431-4661-B333-C6721DF7123A", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4_revision_95946:*:*:*:*:*:*:*", "matchCriteriaId": "E3C6272B-D0C4-4EA5-AEE4-5A45DAA2DDE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.4beta:*:*:*:*:*:*:*", "matchCriteriaId": "2A8012CE-4D4B-4131-87E7-16D7907E3BB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "D4F88914-6097-4AF1-8337-DCF062EB88AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BDB49DC-5344-451E-B8D6-D02C3431CE78", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "B1FDA8D3-5082-479B-BA0A-F1E83D750B5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "7305910F-42BA-44CE-A7AC-B6F74200B68D", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "B93EB4D6-3375-44BC-870F-714A3BC00C2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "52F60D6E-64EB-4223-8A79-595693B444C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:beta7.1:*:*:*:*:*:*", "matchCriteriaId": "37CF29B9-4397-4298-9326-0443E666CDC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "7D85DA34-A977-4A82-8E79-7BFE064DE9EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "1476EF7B-A6F8-4B10-AF0F-986EA6BA3116", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "98E222F0-4CAA-4247-A00D-C6CEC2E55198", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "63744245-6126-47F6-B9F5-E936538140C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "C8805BEE-A4CF-45C2-B948-F1E8EF0A0886", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4E474C33-B42A-4BB8-AC57-8A9071316240", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B83B3132-7D78-4AC3-B83A-A6A20AA28993", "vulnerable": true}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0147FCED-AE75-4945-B76E-33F2AA764B9B", "vulnerable": true}, {"criteria": "cpe:2.3:h:asterisk:s800i_appliance:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "BBE03C02-BE4A-47B6-A2B4-68DAEC5AA47F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames."}, {"lang": "es", "value": "IAX2 en Asterisk Open Source v1.2.x anterior a v1.2.31, v1.4.x anterior a v1.4.23-rc4, y v1.6.x anterior a v1.6.0.3-rc2; Business Edition A.x.x, B.x.x anterior a B.2.5.7, C.1.x.x anterior a C.1.10.4, y C.2.x.x anterior a C.2.1.2.1; y s800i 1.2.x anterior a v1.3.0 responden de manera distinta ante un intento de acceso fallido dependiendo de si la cuenta de usuario existe, lo que permite a atacantes remotos listar nombres de usuario v\u00e1lidos."}], "evaluatorComment": "Vendor Advisory: http://downloads.digium.com/pub/security/AST-2009-001.html", "id": "CVE-2009-0041", "lastModified": "2024-11-21T00:58:55.977", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-01-14T23:30:00.187", "references": [{"source": "cve@mitre.org", "url": "http://downloads.digium.com/pub/security/AST-2009-001.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/33453"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/34982"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/37677"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4910"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2009/dsa-1952"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/499884/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/33174"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1021549"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/0063"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://downloads.digium.com/pub/security/AST-2009-001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33453"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34982"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/37677"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4910"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1952"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/499884/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/33174"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1021549"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/0063"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "asterisk: Replies to failed login attempts differently based on whether the user account exists (information disclosure)", "id": "480132", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=480132"}, "csaw": false, "details": ["IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames."], "name": "CVE-2009-0041", "public_date": "2009-01-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-0041\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-0041"], "threat_severity": "Low"}