Skip to main content

Kamailio CVE-2020-28361

MEDIUM
HTTP Request/Response Smuggling (CWE-444)
2020-11-18 cve@mitre.org
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 18, 2020 - 14:15 nvd
MEDIUM 5.4

DescriptionNVD

Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module. Particular use of remove_hf in Sippy Softswitch may allow skilled attacker having a valid credential in the system to disrupt internal call start/duration accounting mechanisms leading potentially to a loss of revenue.

AnalysisAI

Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as HTTP Request/Response Smuggling (CWE-444), which allows attackers to manipulate HTTP request interpretation between frontend and backend servers. Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module. Particular use of remove_hf in Sippy Softswitch may allow skilled attacker having a valid credential in the system to disrupt internal call start/duration accounting mechanisms leading potentially to a loss of revenue. Affected products include: Kamailio. Version information: before 5.4.0.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Enforce strict HTTP parsing, normalize requests at proxy layer, use HTTP/2 end-to-end, reject ambiguous headers.

CVE-2016-2385 CRITICAL POC
9.8 Apr 11

Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER a

CVE-2018-16657 CRITICAL POC
9.8 Sep 07

In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation

CVE-2018-14767 CRITICAL POC
9.8 Jul 31

In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag c

CVE-2013-7426 CRITICAL
9.8 Aug 29

Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1. Rated critical severity (CVSS 9.8), this

CVE-2018-8828 CRITICAL
9.8 Mar 20

A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. Rated criti

CVE-2015-1590 HIGH
7.8 Sep 07

The kamcmd administrative utility and default configuration in kamailio before 4.3.0 use /tmp/kamailio_ctl. Rated high s

CVE-2015-1591 HIGH
7.8 Jun 27

The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges. Rated high severity (CVSS 7

CVE-2026-39863 HIGH
7.5 Apr 08

Out-of-bounds memory access in Kamailio SIP server versions before 5.8.8, 6.0.6, and 6.1.1 enables unauthenticated remot

CVE-2025-12207 LOW POC
1.9 Oct 27

Null pointer dereference in Kamailio 5.5.0's grammar rule handler (src/core/cfg.y, yyerror_at function) causes denial of

CVE-2025-12206 LOW POC
1.9 Oct 27

Kamailio 5.5.0 suffers a null pointer dereference in the rve_is_constant function (src/core/rvalue.c) triggered by manip

CVE-2025-12205 LOW POC
1.9 Oct 27

Use-after-free vulnerability in Kamailio 5.5.0 configuration file parser allows local authenticated attackers to cause d

CVE-2025-12204 LOW POC
1.9 Oct 27

Heap-based buffer overflow in Kamailio 5.5.0's rve_destroy function allows local authenticated attackers to cause limite

Share

CVE-2020-28361 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy