FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-23 14:57:51 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
5fee3f02-de37-11e4-b7c3-001999f8d30b	asterisk -- TLS Certificate Common name NULL byte exploit The Asterisk project reports: When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of the common name that Asterisk expected. For example, if Asterisk is trying to register to www.domain.com, Asterisk will accept certificates of the form www.domain.com\x00www.someotherdomain.com Discovery 2015-04-04 Entry 2015-04-08 asterisk < 1.8.32.3 asterisk11 < 11.17.1 asterisk13 < 13.3.2 http://downloads.asterisk.org/pub/security/AST-2015-003.html CVE-2015-3008

VuXML ID

Description

5fee3f02-de37-11e4-b7c3-001999f8d30b

asterisk -- TLS Certificate Common name NULL byte exploit

The Asterisk project reports:

When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of the common name that Asterisk expected. For example, if Asterisk is trying to register to www.domain.com, Asterisk will accept certificates of the form www.domain.com\x00www.someotherdomain.com

Discovery 2015-04-04
Entry 2015-04-08
asterisk

< 1.8.32.3

asterisk11

< 11.17.1

asterisk13

< 13.3.2

http://downloads.asterisk.org/pub/security/AST-2015-003.html
CVE-2015-3008