Search for vulnerabilities
Vulnerability details: VCID-kn6t-1nsn-aaak
Vulnerability ID VCID-kn6t-1nsn-aaak
Aliases CVE-2008-3903
Summary Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x before 1.3.0.2; and Trixbox PBX 2.6.1, when Digest authentication and authalwaysreject are enabled, generates different responses depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00487 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00650 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00650 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00650 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00650 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00650 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00650 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00662 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00662 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00662 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00662 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00662 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00662 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00662 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00662 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00662 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00666 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00666 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00666 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00666 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00666 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00666 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00666 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00666 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00666 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00666 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00666 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00666 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00666 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00666 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00666 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00666 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00696 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=461271
cvssv2 3.5 https://nvd.nist.gov/vuln/detail/CVE-2008-3903
Reference id Reference type URL
http://downloads.asterisk.org/pub/security/AST-2009-003.html
http://misel.com/?p=52
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3903.json
https://api.first.org/data/v1/epss?cve=CVE-2008-3903
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3903
http://secunia.com/advisories/34982
http://secunia.com/advisories/37677
http://security.gentoo.org/glsa/glsa-200905-01.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/45059
http://www.debian.org/security/2009/dsa-1952
http://www.securityfocus.com/bid/34353
http://www.vupen.com/english/advisories/2009/0933
461271 https://bugzilla.redhat.com/show_bug.cgi?id=461271
522528 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522528
cpe:2.3:a:asterisk:p_b_x:1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:p_b_x:1.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:p_b_x:1.2.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:p_b_x:1.2.22:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:p_b_x:1.4.21.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:p_b_x:1.4.21.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:p_b_x:1.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:p_b_x:1.6:*:*:*:*:*:*:*
cpe:2.3:a:trixbox:pbx:2.6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:trixbox:pbx:2.6.1:*:*:*:*:*:*:*
CVE-2008-3903 https://nvd.nist.gov/vuln/detail/CVE-2008-3903
GLSA-200905-01 https://security.gentoo.org/glsa/200905-01
No exploits are available.
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2008-3903
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.61062
EPSS Score 0.00456
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.