FreeBSD : asterisk -- PJSIP endpoint presence disclosure when using ACL (0137167b-6dca-11e8-a671-001999f8d30b)
High Nessus Plugin ID 110465
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
The Asterisk project reports:
When endpoint specific ACL rules block a SIP request they respond with a 403 forbidden. However, if an endpoint is not identified then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints.
Solution
Update the affected packages.
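
Added example (not part of the advisory or of Asterisk's code): a log-review check that flags sources whose requests draw 403 for some endpoints and 401 for others across many distinct targets, which is the pattern the 401/403 difference described above makes visible. The record layout (source address, requested endpoint, SIP status), the sample records and the threshold are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records, as they might be parsed from SIP logs or a
# packet capture: (source address, requested endpoint, SIP response status).
SAMPLE_RESPONSES = [
    # One source sweeping consecutive endpoint names.
    ("198.51.100.7", "1000", 401),
    ("198.51.100.7", "1001", 401),
    ("198.51.100.7", "1002", 403),
    ("198.51.100.7", "1003", 401),
    ("198.51.100.7", "1004", 403),
    ("198.51.100.7", "1005", 401),
    # A phone answering a normal authentication challenge for its own endpoint.
    ("192.0.2.20", "2001", 401),
    ("192.0.2.20", "2001", 200),
    # A misplaced phone repeatedly blocked by the ACL for a single endpoint.
    ("203.0.113.9", "3001", 403),
    ("203.0.113.9", "3001", 403),
]


def find_enumeration_sources(responses, min_endpoints=5):
    """Return sources that probed many endpoints and saw the 403/401 split.

    min_endpoints is a hypothetical tuning threshold: the number of distinct
    endpoint names one source must have targeted before it is reported.
    """
    probed = defaultdict(set)     # source -> endpoints answered with 401 or 403
    forbidden = defaultdict(set)  # source -> endpoints answered with 403

    for source, endpoint, status in responses:
        if status not in (401, 403):
            continue
        probed[source].add(endpoint)
        if status == 403:
            # Per the advisory, 403 means an endpoint-specific ACL matched,
            # so this endpoint name exists on the server.
            forbidden[source].add(endpoint)

    findings = {}
    for source, endpoints in probed.items():
        if len(endpoints) >= min_endpoints and forbidden[source]:
            findings[source] = {
                "probed": len(endpoints),
                "disclosed": sorted(forbidden[source]),
            }
    return findings
```
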