Radware (NASDAQ: RDWR), the leading global provider of integrated application delivery solutions for business-smart networking, today announced that the research team of its Security Operations Center discovered a denial of service vulnerability in YATE (Yet Another Telephony Application) release 1.1.0, a production-ready next-generation telephony engine. An immediate protection is available as part of Radware Security Update Service (SUS) safeguarding customer infrastructures in advance of public disclosure of the flaw.
The SIP channel module of YATE contains a denial of service vulnerability. By default no authentication is required to exploit this vulnerability, allowing for spoofed UDP SIP messages to trigger the flaw. Exploiting this vulnerability could cause disruption of the VoIP infrastructure.
Radware Security Research Center has notified YATE about the existence of a denial of service vulnerability in YATE release 1.1.0 on March 25, 2007. On April 16th YATE released a fix version 1.2.0 that addresses this vulnerability. On April 29th Radware released attack database protection against this vulnerability. On May 1st the advisory was released.
Radware DefensePro customers are protected against this vulnerability with the release of attack database version 0006.0030.00 by RWID's 7334, 7338 and 7342.
About Radware
Radware (NASDAQ:RDWR), the global leader in integrated application delivery solutions, assures the full availability, maximum performance, and complete security of business-critical applications for more than 5,000 enterprises and carriers worldwide. With APSolute, Radware's comprehensive and award-winning suite of intelligent front end, access, and security products, companies in every industry can drive business productivity, improve profitability, and reduce IT operating and infrastructure costs by making their networks "business smart". For more information, please visit www.radware.com.
This press release may contain forward-looking statements that are subject to risks and uncertainties. Factors that could cause actual results to differ materially from these forward-looking statements include, but are not limited to, general business conditions in the Application Switching industry, changes in demand for Application Switching products, the timing and amount or cancellation of orders and other risks detailed from time to time in Radware's filings with the Securities and Exchange Commission, including Radware's Form 20-F.
Meir Moshe, Radware Ltd.; 011-972-3766-8610 or meirm@radware.com
Investor Relations: Dennis S. Dobson; 203-255-7902 or IR@radware.com