Asterisk Predictable HTTP Manager Session ID Security Bypass Vulnerability

Bugtraq ID:	28316
Class:	Design Error
CVE:	CVE-2008-1390
Remote:	Yes
Local:	No
Published:	Mar 19 2008 12:00AM
Updated:	Mar 24 2008 11:00PM
Credit:	Dino A. Dai Zovi
Vulnerable:	RedHat Fedora 8 0 RedHat Fedora 7 0 Asterisk s800i Appliance 1.1 0 Asterisk s800i Appliance 1.0.3 Asterisk s800i Appliance 1.0.2 Asterisk s800i Appliance 1.0.1 Asterisk s800i Appliance 1.0 Asterisk AsteriskNow Beta 7 Asterisk AsteriskNow Beta 6 Asterisk AsteriskNow Beta 5 Asterisk AsteriskNow 1.0 Asterisk Asterisk Business Edition C.1.0-beta8 Asterisk Asterisk Business Edition C.1.0-beta7 Asterisk Asterisk Appliance Developer Kit 0.8 Asterisk Asterisk Appliance Developer Kit 0.7 Asterisk Asterisk Appliance Developer Kit 0.6 Asterisk Asterisk Appliance Developer Kit 0.5 Asterisk Asterisk Appliance Developer Kit 0.4 Asterisk Asterisk Appliance Developer Kit 0.3 Asterisk Asterisk Appliance Developer Kit 0.2 Asterisk Asterisk Appliance Developer Kit 1.4 Asterisk Asterisk 1.4.18 1 Asterisk Asterisk 1.4.17 Asterisk Asterisk 1.4.16 Asterisk Asterisk 1.4.15 Asterisk Asterisk 1.4.14 Asterisk Asterisk 1.4.13 Asterisk Asterisk 1.4.12 Asterisk Asterisk 1.4.11 Asterisk Asterisk 1.4.10 Asterisk Asterisk 1.4.9 Asterisk Asterisk 1.4.8 Asterisk Asterisk 1.4.7 Asterisk Asterisk 1.4.6 Asterisk Asterisk 1.4.5 Asterisk Asterisk 1.4.4 Asterisk Asterisk 1.4.3 Asterisk Asterisk 1.4.2 Asterisk Asterisk 1.4.1 Asterisk Asterisk 1.6 Asterisk Asterisk 1.4 revision 95946 Asterisk Asterisk 1.4 Beta

Not Vulnerable:	Asterisk s800i Appliance 1.1 2 Asterisk AsteriskNow 1.0.2 Asterisk Asterisk Business Edition C.1.6 Asterisk Asterisk Appliance Developer Kit 1.4.revision 104704 Asterisk Asterisk 1.6 beta6 Asterisk Asterisk 1.4.19 rc3