RealServer Long ramgen Request Remote DoS

medium Nessus Plugin ID 10199

Synopsis

The remote server is vulnerable to a denial of service.

Description

It was possible to crash the remote RealServer by sending the following request:

GET /ramgen/AAAAA[...]AAA HTTP/1.1

An attacker may use this flaw to prevent this system from serving Real Audio or Video content to legitimate clients.

Solution

Upgrade to a fixed version of RealServer.

Plugin Details

Severity: Medium

ID: 10199

File Name: ramcrash.nasl

Version: 1.29

Type: remote

Published: 1/9/2000

Updated: 7/25/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 12/22/1999

Reference Information

CVE: CVE-2000-0001

BID: 888