SecuritySpace - CVE-2020-28361

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2020-28361

Description: Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module. Particular use of remove_hf in Sippy Softswitch may allow skilled attacker having a valid credential in the system to disrupt internal call start/duration accounting mechanisms leading potentially to a loss of revenue.

Test IDs: 1.3.6.1.4.1.25623.1.0.170373

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2020-28361
https://packetstormsecurity.com/files/159030/Kamailio-5.4.0-Header-Smuggling.html
https://support.sippysoft.com/support/discussions/topics/3000179616

CVE ID:	CVE-2020-28361
Description:	Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module. Particular use of remove_hf in Sippy Softswitch may allow skilled attacker having a valid credential in the system to disrupt internal call start/duration accounting mechanisms leading potentially to a loss of revenue.
Test IDs:	1.3.6.1.4.1.25623.1.0.170373
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2020-28361 https://packetstormsecurity.com/files/159030/Kamailio-5.4.0-Header-Smuggling.html https://support.sippysoft.com/support/discussions/topics/3000179616