The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Asterisk | Asterisk | 1.4.1 (including) | 1.4.1 (including) |
| Asterisk | Asterisk | 1.4.2 (including) | 1.4.2 (including) |
| Asterisk | Asterisk | 1.4.3 (including) | 1.4.3 (including) |
| Asterisk | Asterisk | 1.4.4 (including) | 1.4.4 (including) |
| Asterisk | Asterisk | 1.4.5 (including) | 1.4.5 (including) |
| Asterisk | Asterisk | 1.4.6 (including) | 1.4.6 (including) |
| Asterisk | Asterisk | 1.4.7 (including) | 1.4.7 (including) |
| Asterisk | Asterisk | 1.4.8 (including) | 1.4.8 (including) |
| Asterisk | Asterisk | 1.4.9 (including) | 1.4.9 (including) |
| Asterisk | Asterisk | 1.4.10 (including) | 1.4.10 (including) |
| Asterisk | Asterisk | 1.4.11 (including) | 1.4.11 (including) |
| Asterisk | Asterisk | 1.4.12 (including) | 1.4.12 (including) |
| Asterisk | Asterisk | 1.4.13 (including) | 1.4.13 (including) |
| Asterisk | Asterisk | 1.4.14 (including) | 1.4.14 (including) |
| Asterisk | Asterisk | 1.4.15 (including) | 1.4.15 (including) |
| Asterisk | Asterisk | 1.4.16 (including) | 1.4.16 (including) |
| Asterisk | Asterisk | 1.4.17 (including) | 1.4.17 (including) |
| Asterisk | Asterisk | 1.4.18.1 (including) | 1.4.18.1 (including) |
| Asterisk | Asterisk | 1.4_beta (including) | 1.4_beta (including) |
| Asterisk | Asterisk | 1.4_revision_95946 (including) | 1.4_revision_95946 (including) |
| Asterisk | Asterisk | 1.6 (including) | 1.6 (including) |
| Asterisk_appliance_developer_kit | Asterisk | 0.2 (including) | 0.2 (including) |
| Asterisk_appliance_developer_kit | Asterisk | 0.3 (including) | 0.3 (including) |
| Asterisk_appliance_developer_kit | Asterisk | 0.4 (including) | 0.4 (including) |
| Asterisk_appliance_developer_kit | Asterisk | 0.5 (including) | 0.5 (including) |
| Asterisk_appliance_developer_kit | Asterisk | 0.6 (including) | 0.6 (including) |
| Asterisk_appliance_developer_kit | Asterisk | 0.7 (including) | 0.7 (including) |
| Asterisk_appliance_developer_kit | Asterisk | 0.8 (including) | 0.8 (including) |
| Asterisk_appliance_developer_kit | Asterisk | 1.4 (including) | 1.4 (including) |
| Asterisk_business_edition | Asterisk | c.1.0-beta7 (including) | c.1.0-beta7 (including) |
| Asterisk_business_edition | Asterisk | c.1.0-beta8 (including) | c.1.0-beta8 (including) |
| Asterisknow | Asterisk | 1.0 (including) | 1.0 (including) |
| Asterisknow | Asterisk | beta_5 (including) | beta_5 (including) |
| Asterisknow | Asterisk | beta_6 (including) | beta_6 (including) |
| Asterisknow | Asterisk | beta_7 (including) | beta_7 (including) |
| S800i | Asterisk | 1.0 (including) | 1.0 (including) |
| S800i | Asterisk | 1.0.1 (including) | 1.0.1 (including) |
| S800i | Asterisk | 1.0.2 (including) | 1.0.2 (including) |
| S800i | Asterisk | 1.0.3 (including) | 1.0.3 (including) |
| S800i | Asterisk | 1.1.0 (including) | 1.1.0 (including) |
| Asterisk | Ubuntu | gutsy | * |
| Asterisk | Ubuntu | hardy | * |