Intrusion Prevention

Asterisk.Recording.Interface.XSS

Description

This indicates an attack attempt against a cross-site scripting (XSS) vulnerability in the Dan Littlejohn Asterisk Recording Interface.
The vulnerability is caused by an error when the vulnerable software handles a malicious uri. It allows a remote attacker to execute arbitrary code via sending a crafted request.

Affected Products

Dan Littlejohn Asterisk Recording Interface 0.10
+ Asterisk@Home Asterisk@Home 2.8
Dan Littlejohn Asterisk Recording Interface 0.7.15
+ Asterisk@Home Asterisk@Home 2.6

Impact

Information disclosure: Malicious users may be able to bypass certain security restrictions and compromise a vulnerable system.

Recommended Actions

There are no vendor supplied patches available at this time.