Skip to content
Snippets Groups Projects
Commit c9f0b565 authored by Mark Michelson's avatar Mark Michelson
Browse files

Mitigate possible HTTP injection attacks using CURL() function in Asterisk. 

CVE-2014-8150 disclosed a vulnerability in libcURL where HTTP request injection
can be performed given properly-crafted URLs.

Since Asterisk makes use of libcURL, and it is possible that users of Asterisk may
get cURL URLs from user input or remote sources, we have made a patch to Asterisk
to prevent such HTTP injection attacks from originating from Asterisk.

ASTERISK-24676 #close
Reported by Matt Jordan

Review: https://reviewboard.asterisk.org/r/4364

AST-2015-002



git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@431297 65c4cc65-6c06-0410-ace0-fbb531ad65f3
parent 5e446681
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 83 additions and 0 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment