WebSocket Payload Size 0 Mishandling Vulnerability in Asterisk 15.x through 15.2.1

WebSocket Payload Size 0 Mishandling Vulnerability in Asterisk 15.x through 15.2.1

CVE-2018-7287 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:N/A:P

An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).

Learn more about our Web App Pen Testing.