[asterisk-bugs] [JIRA] (ASTERISK-20653) Asterisk allows Session-Expires below 90 in a 200 OK
Matt Jordan (JIRA)
noreply at issues.asterisk.org
Thu Nov 8 10:54:21 CST 2012
[ https://issues.asterisk.org/jira/browse/ASTERISK-20653?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matt Jordan updated ASTERISK-20653:
-----------------------------------
Status: Open (was: Triage)
> Asterisk allows Session-Expires below 90 in a 200 OK
> ----------------------------------------------------
>
> Key: ASTERISK-20653
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-20653
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_sip/General
> Affects Versions: 1.8.17.0, 10.9.0, 11.0.1
> Environment: Asterisk testsuite, Ubuntu 10.04
> Reporter: Kinsey Moore
> Attachments: rfc_breakers.diff
>
>
> When Asterisk initiates a call to a SIP device, that SIP device may specify a Session-Expires header that falls outside of what is allowed by RFC4028. Asterisk will honor this value instead of tearing down the call as would be appropriate. See the first review on https://reviewboard.asterisk.org/r/2180/ for further details. This can be replicated by modifying one of the SIPp UAS scenarios in the review (where Asterisk is UAC) to reduce the Session-Expires header in the 200 OK response to 10.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the asterisk-bugs
mailing list