Skip to content

CVE-2014-2286

main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.

Ver en NVD

Severidad

N/A

EPSS

Probabilidad de explotación (próx. 30 días): 0.1476 (14.8%)
Percentil: 94.5%
EPSS: 2026-05-06

Afecta

digium:asteriskfedoraproject:fedoradigium:certified_asterisk

Descripción técnica

main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.

Publicada: 18/4/2014, 22:14:37
Última modificación: 6/5/2026, 22:30:45

Referencias

InicioEventosBlogRecursosEquipo