CVE-2005-3559
asterisk - several vulnerabilities
EPSS 5.5%
Description
Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter.
How to fix CVE-2005-3559
To remediate CVE-2005-3559, upgrade the affected package to a fixed version below.
- Debian/asterisk—upgrade to 1:1.2.7.1.dfsg-2 or later
- Debian/asterisk—upgrade to 0.1.11-3woody1 or later
Is CVE-2005-3559 being exploited?
Moderate — EPSS is 5.5%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 1:1.2.7.1.dfsg-2
- from 0, < 0.1.11-3woody1