Asterisk Project Security Advisory - AST-2018-008
https://packetstormsecurity.com/files/148138/AST-2018-008.txt
https://packetstormsecurity.com/files/148138/AST-2018-008.txthttps://packetstormsecurity.com/files/148138/Asterisk-Project-Security-Advisory-AST-2018-008.htmlMon, 11 Jun 2018 23:56:01 GMTAsterisk Project Security Advisory - When endpoint specific ACL rules block a SIP request they respond with a 403 forbidden. However, if an endpoint is not identified then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints.