Remote Crash Vulnerability in WebSocket Server affects Certified Asterisk version 11.6, and Open Source versions 11.x, 12.x, and 13.x. Administrators must ensure that the built-in HTTP server is disabled, upgrade to a version listed in the advisory, or apply the applicable patch.
Read the full advisory here – http://downloads.asterisk.org/pub/security/AST-2014-019.html