GCVE - cpe:2.3:a:digium:asterisk:1.4.42:rc1:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:digium:asterisk:1.4.42:rc1:*:*:*:*:*:*

part: a version: 1.4.42 update: rc1

Vendor	Digium (`05ad29b7-5b41-56d5-935d-a279ab7f14bc`)
Product	Asterisk (`a75a6886-b0b4-5160-9cfa-f749f3c86956`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/asterisk/asterisk`	purl2cpe	2026-06-01 10:15:41.829423

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-4597`	vulnerable	2026-06-08 04:59:32.169948	Details available The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests. Published: 2011-12-15T02:00:00.000Z Updated: 2024-08-07T00:09:19.309Z Open on db.gcve.eu Reference links http://osvdb.org/77597 http://downloads.asterisk.org/pub/security/AST-2011-013.html http://openwall.com/lists/oss-security/2011/12/09/4 http://openwall.com/lists/oss-security/2011/12/09/3 http://secunia.com/advisories/47273	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.