CVE-2020-28361

Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module. Particular use of remove_hf in Sippy Softswitch may allow skilled attacker having a valid credential in the system to disrupt internal call start/duration accounting mechanisms leading potentially to a loss of revenue.
Configurations

Configuration 1

cpe:2.3:a:kamailio:kamailio:*:*:*:*:*:*:*:*

Information

Published : 2020-11-18 02:15

Updated : 2020-12-03 01:07


NVD link : CVE-2020-28361

Mitre link : CVE-2020-28361

Products Affected
No products.
CWE
CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')