This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.
The remote web server contains a PHP application that is affected by
an information disclosure issue.
The remote host is running Asterisk Recording Interface (ARI), a
web-based portal for the Asterisk PBX software.
The version of ARI installed on the remote host reportedly allows an
unauthenticated attacker to retrieve arbitrary sound files, such as
voicemail messages, and to determine the existence of other files on
the remote host by passing a specially crafted path to the 'recording'
parameter of the 'misc/audio.php' script.
See also :
Upgrade to ARI 0.10 / Asterisk@Home 2.8 or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true