Vulnerability Name: | CVE-2003-1110 (CCN-11379) | ||||||||
Assigned: | 2003-02-21 | ||||||||
Published: | 2003-02-21 | ||||||||
Updated: | 2017-07-11 | ||||||||
Summary: | The Session Initiation Protocol (SIP) implementation in Columbia SIP User Agent (sipc) 1.74 and other versions before sipc 2.0 build 2003-02-21 allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2003-1108 Source: MITRE Type: CNA CVE-2003-1109 Source: MITRE Type: CNA CVE-2003-1110 Source: MITRE Type: CNA CVE-2003-1111 Source: MITRE Type: CNA CVE-2003-1112 Source: MITRE Type: CNA CVE-2003-1113 Source: MITRE Type: CNA CVE-2003-1114 Source: MITRE Type: CNA CVE-2003-1115 Source: CCN Type: SECTRACK ID: 1006143 Cisco IP Phone SIP Protocol Bugs Let Remote Users Deny Service Source: CCN Type: SECTRACK ID: 1006144 Cisco IOS Router SIP Protocol Bugs Let Remote Users Deny Service Source: CCN Type: SECTRACK ID: 1006145 Cisco PIX Firewall SIP Protocol Bugs Let Remote Users Deny Service Source: CCN Type: SECTRACK ID: 1006167 Columbia SIP User Agent (sipc) SIP Protocol Bugs Let Remote Users Deny Service Source: SECTRACK Type: Patch 1006167 Source: CCN Type: Avaya Security Advisory April 5, 2004 Vulnerabilities in the Implementation of the Session Initiation Protocol (SIP) Source: CCN Type: CERT Advisory CA-2003-06 Multiple vulnerabilities in implementations of the Session Initiation Protocol (SIP) Source: CERT Type: Third Party Advisory, US Government Resource CA-2003-06 Source: CCN Type: cisco-sa-20030221-protos Cisco Security Advisory: Multiple Product Vulnerabilities Found by PROTOS SIP Test Suite Source: CONFIRM Type: Patch http://www.cs.columbia.edu/~xiaotaow/sipc/ouspg.html Source: CCN Type: University of OULU Web site PROTOS Test-Suite: c07-sip Source: MISC Type: Exploit http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/ Source: CCN Type: iptel.org Web site iptel.org SIP Express Router Security Alerts Source: CCN Type: US-CERT VU#528719 Multiple implementations of the Session Initiation Protocol (SIP) contain multiple types of vulnerabilities Source: CERT-VN Type: Third Party Advisory, US Government Resource VU#528719 Source: CCN Type: OSVDB ID: 15412 Multiple Vendor SIP Crafted INVITE Message Handling Issue (PROTOS) Source: BID Type: UNKNOWN 6904 Source: CCN Type: BID-6904 Multiple Vendor Session Initiation Protocol Vulnerabilities Source: XF Type: UNKNOWN sip-invite(11379) Source: XF Type: UNKNOWN sip-invite(11379) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |