{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2009-11-04T00:00:00.000Z","descriptions":[{"lang":"en","value":"Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2009-11-19T10:00:00.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"37265","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/37265"},{"name":"FEDORA-2009-11126","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html"},{"name":"37479","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/37479"},{"name":"37677","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/37677"},{"name":"DSA-1952","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2009/dsa-1952"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=523277"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=533137"},{"name":"36924","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/36924"},{"name":"FEDORA-2009-11070","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html"},{"name":"59697","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/59697"},{"tags":["x_refsource_CONFIRM"],"url":"http://downloads.asterisk.org/pub/security/AST-2009-008.html"},{"name":"1023133","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1023133"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-07T06:38:30.134Z"},"title":"CVE Program Container","references":[{"name":"37265","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/37265"},{"name":"FEDORA-2009-11126","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html"},{"name":"37479","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/37479"},{"name":"37677","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/37677"},{"name":"DSA-1952","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2009/dsa-1952"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=523277"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=533137"},{"name":"36924","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/36924"},{"name":"FEDORA-2009-11070","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html"},{"name":"59697","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/59697"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://downloads.asterisk.org/pub/security/AST-2009-008.html"},{"name":"1023133","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1023133"}]}]},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2009-3727","datePublished":"2009-11-10T18:00:00.000Z","dateReserved":"2009-10-16T00:00:00.000Z","dateUpdated":"2024-08-07T06:38:30.134Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}