Detections
Analytics
RealNetworks Helix Server 12.x Multiple DoS
medium Nessus Network Monitor Plugin ID 5100
Synopsis
The remote media streaming server is affected by multiple denial of service vulnerabilities.Description
According to its banner, the remote host is running version 12.x of RealNetworks Helix Server / Helix Mobile Server. Such versions are reportedly affected by multiple issues :- By sending a specially crafted 'RTSP' (SET_PARAMETERS) request with 'DataConvertBuffer' parameter set to empty, an attacker may be able to crash the remote Helix server process. (CVE-2009-2533)
- By sending a 'SETUP' request without including a '/' character in it, a remote attacker may be able to crash the remote Helix server process. (CVE-2009-2534)
Solution
Update to RealNetworks Helix Server / Helix Mobile Server 13.0.0 or later.See Also
http://www.coresecurity.com/content/real-helix-dna
http://docs.real.com/docs/security/SecurityUpdate071409HS.pdf
http://archives.neohapsis.com/archives/bugtraq/2009-07/0122.html
Plugin Details
Severity: Medium
ID: 5100
Family: Web Servers
Published: 7/21/2009
Updated: 3/6/2019
Nessus ID: 40350
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 4.1
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS v3
Risk Factor: Medium
Base Score: 5.3
Temporal Score: 4.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:realnetworks:helix_server
Patch Publication Date: 7/14/2009
Vulnerability Publication Date: 7/17/2009
Reference Information
CVE: CVE-2009-2533, CVE-2009-2534