Unrated severityNVD Advisory· Published Oct 16, 2007· Updated Apr 23, 2026

CVE-2007-5469

Description

OpenSER 1.2.2 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka "toll fraud and authentication forward attack"). NOTE: Debian disputes this issue, stating that "having the two URIs mismatch is allowed by the standard and happens in some setups for valid reasons.

Affected products

Openser/Openser
cpe:2.3:a:openser:openser:1.2.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/27204nvdVendor Advisory
bugs.debian.org/cgi-bin/bugreport.cginvd
lists.grok.org.uk/pipermail/full-disclosure/2007-October/066581.htmlnvd
lists.grok.org.uk/pipermail/full-disclosure/2007-October/066691.htmlnvd
lists.grok.org.uk/pipermail/full-disclosure/2007-October/066694.htmlnvd
www.securityfocus.com/bid/26057nvd
exchange.xforce.ibmcloud.com/vulnerabilities/37197nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000