Asterisk main/http.c DoS (AST-2014-001)
High Nessus Plugin ID 73019
Synopsis
A telephony application running on the remote host is affected by a stack overflow vulnerability.
Description
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability.
A stack overflow flaw exists because an HTTP request with a large number of cookie headers isn't properly validated. A remote attacker could potentially cause a denial of service by sending a request with an unlimited number of cookie headers.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Asterisk 22.214.171.124 / 11.8.1 / 12.1.1 / Certified Asterisk 1.8.15-cert5 / 11.6-cert2, or apply the appropriate patch listed in the Asterisk advisory.