製品・ソフトウェアに関する情報

JVN脆弱性詳細

Asterisk Open Source および Certified Asterisk の chan_sip チャネルドライバにおけるプロキシの認証なしに Asterisk に INVITE リクエストを許可される脆弱性

Title	Asterisk Open Source および Certified Asterisk の chan_sip チャネルドライバにおけるプロキシの認証なしに Asterisk に INVITE リクエストを許可される脆弱性
Summary	Asterisk Open Source および Certified Asterisk の chan_sip チャネルドライバは、SIP ヘッダ名とコロン文字間のコンテンツの消去を試行する際、印刷されない ASCII 文字を空白文字とみなすため、プロキシの認証なしに Asterisk に INVITE リクエストを許可され、その後、新しい呼び出しとして処理され、その結果、未調査のソースからの呼び出しが認証なしで処理される脆弱性が存在します。
Possible impacts	有効な To ヘッダと無効な To ヘッダの巧妙な組み合わせを介して、プロキシの認証なしに Asterisk に INVITE リクエストを許可され、その後、新しい呼び出しとして処理され、その結果、未調査のソースからの呼び出しが認証なしで処理される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 8, 2016, midnight
Registration Date	Jan. 6, 2017, 11:48 a.m.
Last Update	Jan. 6, 2017, 11:48 a.m.

CVSS3.0 : 警告
Score	5.3
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:P/A:N

Affected System

Digium

Asterisk 11.25.1 未満の 11.x

Asterisk 13.13.1 未満の 13.x

Asterisk 14.2.1 未満の 14.x

Certified Asterisk 11.6-cert16 未満の 11.x

Certified Asterisk 13.8-cert4 未満の 13.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-9938	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9938
National Vulnerability Database (NVD)
2	CVE-2016-9938	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9938

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-285	https://cwe.mitre.org/data/definitions/285.html

ベンダー情報

No	Name	URL
Asterisk Project Security Advisory
1	ASTERISK-2016-009	http://downloads.asterisk.org/pub/security/AST-2016-009.html

Change Log

No	Changed Details	Date of change
0	[2017年01月06日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2016-9938

Summary	An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contact\x01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you.
Publication Date	Dec. 13, 2016, 6:59 a.m.
Registration Date	Jan. 26, 2021, 2:21 p.m.
Last Update	Nov. 21, 2024, 12:02 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:digium:asterisk:13.1.0:::::::*
cpe:2.3:a:digium:asterisk:13.2.1:::::::*
cpe:2.3:a:digium:asterisk:13.8.0:rc1::::::
cpe:2.3:a:digium:asterisk:11.14.0:::::::*
cpe:2.3:a:digium:asterisk:13.7.1:::::::*
cpe:2.3:a:digium:asterisk:11.2.0:rc2::::::
cpe:2.3:a:digium:asterisk:11.21.0:::::::*
cpe:2.3:a:digium:asterisk:11.22.0:::::::*
cpe:2.3:a:digium:asterisk:11.10.2:::::::*
cpe:2.3:a:digium:asterisk:11.0.0:rc2::::::
cpe:2.3:a:digium:asterisk:11.2.0:::::::*
cpe:2.3:a:digium:asterisk:11.1.1:::::::*
cpe:2.3:a:digium:asterisk:13.1.1:::::::*
cpe:2.3:a:digium:asterisk:11.21.1:::::::*
cpe:2.3:a:digium:asterisk:13.4.0:::::::*
cpe:2.3:a:digium:asterisk:11.10.1:::::::*
cpe:2.3:a:digium:asterisk:11.16.0:::::::*
cpe:2.3:a:digium:asterisk:11.11.0:::::::*
cpe:2.3:a:digium:asterisk:11.12.1:::::::*
cpe:2.3:a:digium:asterisk:14.0.0:beta1::::::
cpe:2.3:a:digium:asterisk:11.23.0:rc1::::::
cpe:2.3:a:digium:asterisk:13.2.0:::::::*
cpe:2.3:a:digium:asterisk:11.0.2:::::::*
cpe:2.3:a:digium:asterisk:11.2.0:rc1::::::
cpe:2.3:a:digium:asterisk:11.0.0:beta1::::::
cpe:2.3:a:digium:asterisk:11.18.0:::::::*
cpe:2.3:a:digium:asterisk:11.17.0:::::::*
cpe:2.3:a:digium:asterisk:13.3.2:::::::*
cpe:2.3:a:digium:asterisk:13.0.1:::::::*
cpe:2.3:a:digium:asterisk:11.7.0:::::::*
cpe:2.3:a:digium:asterisk:11.22.0:rc1::::::
cpe:2.3:a:digium:asterisk:13.7.0:::::::*
cpe:2.3:a:digium:asterisk:14.1.1:::::::*
cpe:2.3:a:digium:asterisk:11.23.1:::::::*
cpe:2.3:a:digium:asterisk:11.12.0:::::::*
cpe:2.3:a:digium:asterisk:13.10.0:rc1::::::
cpe:2.3:a:digium:asterisk:13.10.0:::::::*
cpe:2.3:a:digium:asterisk:11.15.1:::::::*
cpe:2.3:a:digium:asterisk:11.0.0:::::::*
cpe:2.3:a:digium:asterisk:11.10.0:::::::*
cpe:2.3:a:digium:asterisk:13.8.0:::::::*
cpe:2.3:a:digium:asterisk:13.11.1:::::::*
cpe:2.3:a:digium:asterisk:11.25.0:::::::*
cpe:2.3:a:digium:asterisk:11.4.0:::::::*
cpe:2.3:a:digium:asterisk:13.11.0:::::::*
cpe:2.3:a:digium:asterisk:11.13.0:::::::*
cpe:2.3:a:digium:asterisk:13.9.0:::::::*
cpe:2.3:a:digium:asterisk:13.12.0:::::::*
cpe:2.3:a:digium:asterisk:13.3.0:::::::*
cpe:2.3:a:digium:asterisk:11.24.1:::::::*
cpe:2.3:a:digium:asterisk:14.0.0:rc1::::::
cpe:2.3:a:digium:asterisk:13.8.1:::::::*
cpe:2.3:a:digium:asterisk:13.12.2:::::::*
cpe:2.3:a:digium:asterisk:11.1.0:rc3::::::
cpe:2.3:a:digium:asterisk:13.0.0:beta1::::::
cpe:2.3:a:digium:asterisk:11.8.1:::::::*
cpe:2.3:a:digium:asterisk:14.2.0:::::::*
cpe:2.3:a:digium:asterisk:14.0.0:::::::*
cpe:2.3:a:digium:asterisk:14.1.2:::::::*
cpe:2.3:a:digium:asterisk:11.19.0:::::::*
cpe:2.3:a:digium:asterisk:11.1.2:::::::*
cpe:2.3:a:digium:asterisk:13.0.0:::::::*
cpe:2.3:a:digium:asterisk:13.13.0:::::::*
cpe:2.3:a:digium:asterisk:11.21.2:::::::*
cpe:2.3:a:digium:asterisk:11.14.2:::::::*
cpe:2.3:a:digium:asterisk:13.9.1:::::::*
cpe:2.3:a:digium:asterisk:14.0.2:::::::*
cpe:2.3:a:digium:asterisk:11.5.0:::::::*
cpe:2.3:a:digium:asterisk:11.15.0:::::::*
cpe:2.3:a:digium:asterisk:13.3.1:::::::*
cpe:2.3:a:digium:asterisk:11.2.2:::::::*
cpe:2.3:a:digium:asterisk:14.0.0:rc2::::::
cpe:2.3:a:digium:asterisk:11.14.1:::::::*
cpe:2.3:a:digium:asterisk:13.0.2:::::::*
cpe:2.3:a:digium:asterisk:11.1.0:::::::*
cpe:2.3:a:digium:asterisk:13.7.2:::::::*
cpe:2.3:a:digium:asterisk:11.17.1:::::::*
cpe:2.3:a:digium:asterisk:11.0.0:beta2::::::
cpe:2.3:a:digium:asterisk:11.1.0:rc1::::::
cpe:2.3:a:digium:asterisk:13.11.2:::::::*
cpe:2.3:a:digium:asterisk:14.0.0:beta2::::::
cpe:2.3:a:digium:asterisk:14.0.1:::::::*
cpe:2.3:a:digium:asterisk:11.0.1:::::::*
cpe:2.3:a:digium:asterisk:11.8.0:::::::*
cpe:2.3:a:digium:asterisk:13.12.1:::::::*
cpe:2.3:a:digium:asterisk:11.6.0:::::::*
cpe:2.3:a:digium:asterisk:13.5.0:::::::*
cpe:2.3:a:digium:asterisk:11.23.0:::::::*
cpe:2.3:a:digium:asterisk:13.8.2:::::::*
cpe:2.3:a:digium:asterisk:13.0.0:beta3::::::
cpe:2.3:a:digium:asterisk:13.6.0:::::::*
cpe:2.3:a:digium:asterisk:14.1.0:::::::*
cpe:2.3:a:digium:asterisk:11.24.0:::::::*
cpe:2.3:a:digium:asterisk:11.9.0:::::::*
cpe:2.3:a:digium:asterisk:11.2.1:::::::*
cpe:2.3:a:digium:asterisk:11.5.1:::::::*
cpe:2.3:a:digium:asterisk:11.3.0:::::::*
cpe:2.3:a:digium:asterisk:11.13.1:::::::*
cpe:2.3:a:digium:asterisk:11.20.0:::::::*
cpe:2.3:a:digium:asterisk:13.0.0:beta2::::::
cpe:2.3:a:digium:asterisk:11.6.1:::::::*
cpe:2.3:a:digium:asterisk:11.0.0:rc1::::::

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:digium:certified_asterisk:11.6:cert13:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.4.0:rc3::::::
cpe:2.3:a:digium:certified_asterisk:11.6:cert8:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.6:cert2:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.1.0:rc3::::::
cpe:2.3:a:digium:certified_asterisk:11.6:cert7:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.6:cert4:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.3.0:rc2::::::
cpe:2.3:a:digium:certified_asterisk:11.6:cert3::::::
cpe:2.3:a:digium:certified_asterisk:11.2.0:rc1::::::
cpe:2.3:a:digium:certified_asterisk:11.3.0:::::::*
cpe:2.3:a:digium:certified_asterisk:11.0.0:::::::*
cpe:2.3:a:digium:certified_asterisk:11.6:cert9:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.0.0:rc1::::::
cpe:2.3:a:digium:certified_asterisk:11.5.0:rc2::::::
cpe:2.3:a:digium:certified_asterisk:11.6:cert12:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.6:cert1::::::
cpe:2.3:a:digium:certified_asterisk:11.4.0:::::::*
cpe:2.3:a:digium:certified_asterisk:11.6:cert1:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.4.0:rc1::::::
cpe:2.3:a:digium:certified_asterisk:11.6.0:-::::::
cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2::::::
cpe:2.3:a:digium:certified_asterisk:11.6:cert2::::::
cpe:2.3:a:digium:certified_asterisk:11.3.0:rc1::::::
cpe:2.3:a:digium:certified_asterisk:11.2.0:rc2::::::
cpe:2.3:a:digium:certified_asterisk:11.1.0:rc2::::::
cpe:2.3:a:digium:certified_asterisk:11.6:cert14:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.6:cert15:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1::::::
cpe:2.3:a:digium:certified_asterisk:11.6:cert3:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.4.0:rc2::::::
cpe:2.3:a:digium:certified_asterisk:11.0.0:rc2::::::
cpe:2.3:a:digium:certified_asterisk:11.5.0:rc1::::::
cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1::::::
cpe:2.3:a:digium:certified_asterisk:11.6:cert11:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.2.0:::::::*
cpe:2.3:a:digium:certified_asterisk:11.6:cert6:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.6:cert10:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.5.0:::::::*
cpe:2.3:a:digium:certified_asterisk:11.1.0:rc1::::::
cpe:2.3:a:digium:certified_asterisk:11.1.0:::::::*
cpe:2.3:a:digium:certified_asterisk:11.6:cert5:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.6.0::::lts:::
cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2::::::

Related information, measures and tools

No	URL	タグ
1	http://downloads.asterisk.org/pub/security/AST-2016-009.html	Mitigation Vendor Advisory
2	http://downloads.asterisk.org/pub/security/AST-2016-009.html	Mitigation Vendor Advisory
3	http://www.securityfocus.com/bid/94789	Third Party Advisory VDB Entry
4	http://www.securityfocus.com/bid/94789	Third Party Advisory VDB Entry
5	http://www.securitytracker.com/id/1037408
6	http://www.securitytracker.com/id/1037408

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:digium:asterisk:13.1.0:::::::*
cpe:2.3:a:digium:asterisk:13.2.1:::::::*
cpe:2.3:a:digium:asterisk:13.8.0:rc1::::::
cpe:2.3:a:digium:asterisk:11.14.0:::::::*
cpe:2.3:a:digium:asterisk:13.7.1:::::::*
cpe:2.3:a:digium:asterisk:11.2.0:rc2::::::
cpe:2.3:a:digium:asterisk:11.21.0:::::::*
cpe:2.3:a:digium:asterisk:11.22.0:::::::*
cpe:2.3:a:digium:asterisk:11.10.2:::::::*
cpe:2.3:a:digium:asterisk:11.0.0:rc2::::::
cpe:2.3:a:digium:asterisk:11.2.0:::::::*
cpe:2.3:a:digium:asterisk:11.1.1:::::::*
cpe:2.3:a:digium:asterisk:13.1.1:::::::*
cpe:2.3:a:digium:asterisk:11.21.1:::::::*
cpe:2.3:a:digium:asterisk:13.4.0:::::::*
cpe:2.3:a:digium:asterisk:11.10.1:::::::*
cpe:2.3:a:digium:asterisk:11.16.0:::::::*
cpe:2.3:a:digium:asterisk:11.11.0:::::::*
cpe:2.3:a:digium:asterisk:11.12.1:::::::*
cpe:2.3:a:digium:asterisk:14.0.0:beta1::::::
cpe:2.3:a:digium:asterisk:11.23.0:rc1::::::
cpe:2.3:a:digium:asterisk:13.2.0:::::::*
cpe:2.3:a:digium:asterisk:11.0.2:::::::*
cpe:2.3:a:digium:asterisk:11.2.0:rc1::::::
cpe:2.3:a:digium:asterisk:11.0.0:beta1::::::
cpe:2.3:a:digium:asterisk:11.18.0:::::::*
cpe:2.3:a:digium:asterisk:11.17.0:::::::*
cpe:2.3:a:digium:asterisk:13.3.2:::::::*
cpe:2.3:a:digium:asterisk:13.0.1:::::::*
cpe:2.3:a:digium:asterisk:11.7.0:::::::*
cpe:2.3:a:digium:asterisk:11.22.0:rc1::::::
cpe:2.3:a:digium:asterisk:13.7.0:::::::*
cpe:2.3:a:digium:asterisk:14.1.1:::::::*
cpe:2.3:a:digium:asterisk:11.23.1:::::::*
cpe:2.3:a:digium:asterisk:11.12.0:::::::*
cpe:2.3:a:digium:asterisk:13.10.0:rc1::::::
cpe:2.3:a:digium:asterisk:13.10.0:::::::*
cpe:2.3:a:digium:asterisk:11.15.1:::::::*
cpe:2.3:a:digium:asterisk:11.0.0:::::::*
cpe:2.3:a:digium:asterisk:11.10.0:::::::*
cpe:2.3:a:digium:asterisk:13.8.0:::::::*
cpe:2.3:a:digium:asterisk:13.11.1:::::::*
cpe:2.3:a:digium:asterisk:11.25.0:::::::*
cpe:2.3:a:digium:asterisk:11.4.0:::::::*
cpe:2.3:a:digium:asterisk:13.11.0:::::::*
cpe:2.3:a:digium:asterisk:11.13.0:::::::*
cpe:2.3:a:digium:asterisk:13.9.0:::::::*
cpe:2.3:a:digium:asterisk:13.12.0:::::::*
cpe:2.3:a:digium:asterisk:13.3.0:::::::*
cpe:2.3:a:digium:asterisk:11.24.1:::::::*
cpe:2.3:a:digium:asterisk:14.0.0:rc1::::::
cpe:2.3:a:digium:asterisk:13.8.1:::::::*
cpe:2.3:a:digium:asterisk:13.12.2:::::::*
cpe:2.3:a:digium:asterisk:11.1.0:rc3::::::
cpe:2.3:a:digium:asterisk:13.0.0:beta1::::::
cpe:2.3:a:digium:asterisk:11.8.1:::::::*
cpe:2.3:a:digium:asterisk:14.2.0:::::::*
cpe:2.3:a:digium:asterisk:14.0.0:::::::*
cpe:2.3:a:digium:asterisk:14.1.2:::::::*
cpe:2.3:a:digium:asterisk:11.19.0:::::::*
cpe:2.3:a:digium:asterisk:11.1.2:::::::*
cpe:2.3:a:digium:asterisk:13.0.0:::::::*
cpe:2.3:a:digium:asterisk:13.13.0:::::::*
cpe:2.3:a:digium:asterisk:11.21.2:::::::*
cpe:2.3:a:digium:asterisk:11.14.2:::::::*
cpe:2.3:a:digium:asterisk:13.9.1:::::::*
cpe:2.3:a:digium:asterisk:14.0.2:::::::*
cpe:2.3:a:digium:asterisk:11.5.0:::::::*
cpe:2.3:a:digium:asterisk:11.15.0:::::::*
cpe:2.3:a:digium:asterisk:13.3.1:::::::*
cpe:2.3:a:digium:asterisk:11.2.2:::::::*
cpe:2.3:a:digium:asterisk:14.0.0:rc2::::::
cpe:2.3:a:digium:asterisk:11.14.1:::::::*
cpe:2.3:a:digium:asterisk:13.0.2:::::::*
cpe:2.3:a:digium:asterisk:11.1.0:::::::*
cpe:2.3:a:digium:asterisk:13.7.2:::::::*
cpe:2.3:a:digium:asterisk:11.17.1:::::::*
cpe:2.3:a:digium:asterisk:11.0.0:beta2::::::
cpe:2.3:a:digium:asterisk:11.1.0:rc1::::::
cpe:2.3:a:digium:asterisk:13.11.2:::::::*
cpe:2.3:a:digium:asterisk:14.0.0:beta2::::::
cpe:2.3:a:digium:asterisk:14.0.1:::::::*
cpe:2.3:a:digium:asterisk:11.0.1:::::::*
cpe:2.3:a:digium:asterisk:11.8.0:::::::*
cpe:2.3:a:digium:asterisk:13.12.1:::::::*
cpe:2.3:a:digium:asterisk:11.6.0:::::::*
cpe:2.3:a:digium:asterisk:13.5.0:::::::*
cpe:2.3:a:digium:asterisk:11.23.0:::::::*
cpe:2.3:a:digium:asterisk:13.8.2:::::::*
cpe:2.3:a:digium:asterisk:13.0.0:beta3::::::
cpe:2.3:a:digium:asterisk:13.6.0:::::::*
cpe:2.3:a:digium:asterisk:14.1.0:::::::*
cpe:2.3:a:digium:asterisk:11.24.0:::::::*
cpe:2.3:a:digium:asterisk:11.9.0:::::::*
cpe:2.3:a:digium:asterisk:11.2.1:::::::*
cpe:2.3:a:digium:asterisk:11.5.1:::::::*
cpe:2.3:a:digium:asterisk:11.3.0:::::::*
cpe:2.3:a:digium:asterisk:11.13.1:::::::*
cpe:2.3:a:digium:asterisk:11.20.0:::::::*
cpe:2.3:a:digium:asterisk:13.0.0:beta2::::::
cpe:2.3:a:digium:asterisk:11.6.1:::::::*
cpe:2.3:a:digium:asterisk:11.0.0:rc1::::::

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:digium:certified_asterisk:11.6:cert13:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.4.0:rc3::::::
cpe:2.3:a:digium:certified_asterisk:11.6:cert8:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.6:cert2:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.1.0:rc3::::::
cpe:2.3:a:digium:certified_asterisk:11.6:cert7:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.6:cert4:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.3.0:rc2::::::
cpe:2.3:a:digium:certified_asterisk:11.6:cert3::::::
cpe:2.3:a:digium:certified_asterisk:11.2.0:rc1::::::
cpe:2.3:a:digium:certified_asterisk:11.3.0:::::::*
cpe:2.3:a:digium:certified_asterisk:11.0.0:::::::*
cpe:2.3:a:digium:certified_asterisk:11.6:cert9:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.0.0:rc1::::::
cpe:2.3:a:digium:certified_asterisk:11.5.0:rc2::::::
cpe:2.3:a:digium:certified_asterisk:11.6:cert12:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.6:cert1::::::
cpe:2.3:a:digium:certified_asterisk:11.4.0:::::::*
cpe:2.3:a:digium:certified_asterisk:11.6:cert1:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.4.0:rc1::::::
cpe:2.3:a:digium:certified_asterisk:11.6.0:-::::::
cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2::::::
cpe:2.3:a:digium:certified_asterisk:11.6:cert2::::::
cpe:2.3:a:digium:certified_asterisk:11.3.0:rc1::::::
cpe:2.3:a:digium:certified_asterisk:11.2.0:rc2::::::
cpe:2.3:a:digium:certified_asterisk:11.1.0:rc2::::::
cpe:2.3:a:digium:certified_asterisk:11.6:cert14:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.6:cert15:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1::::::
cpe:2.3:a:digium:certified_asterisk:11.6:cert3:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.4.0:rc2::::::
cpe:2.3:a:digium:certified_asterisk:11.0.0:rc2::::::
cpe:2.3:a:digium:certified_asterisk:11.5.0:rc1::::::
cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1::::::
cpe:2.3:a:digium:certified_asterisk:11.6:cert11:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.2.0:::::::*
cpe:2.3:a:digium:certified_asterisk:11.6:cert6:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.6:cert10:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.5.0:::::::*
cpe:2.3:a:digium:certified_asterisk:11.1.0:rc1::::::
cpe:2.3:a:digium:certified_asterisk:11.1.0:::::::*
cpe:2.3:a:digium:certified_asterisk:11.6:cert5:::lts:::*
cpe:2.3:a:digium:certified_asterisk:11.6.0::::lts:::
cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2::::::