| VID | 22260 |
| Severity | 30 |
| Port | 7070, 8080 |
| Protocol | TCP |
| Class | WWW |
| Detailed Description | The target RealServer has a memory disclosure vulnerability. RealNetworks RealServer is a popular streaming audio and video server. RealServer versions 7.0 and earlier could allow a remote attacker to obtain portions of RealServer's memory contents, possibly including sensitive information. A remote attacker can send a request for the /admin/includes/ URL to the server and receive random pieces of the server's runtime memory, which may contain information on previous sessions, including cookies, usernames, passwords and the port number on which the administrative server listens. References: http://service.real.com/help/faq/security/memory.html ; http://www.core-sdi.com/advisories/real_server.htm. Platforms Affected: RealNetworks, Inc., RealServer 5.0; RealNetworks, Inc., RealServer 6.0; RealNetworks, Inc., RealServer 7.0; Linux (any version); Microsoft Windows (any version). |
| Recommendation | Upgrade to the latest version of RealServer, available from the RealNetworks Technical Support Web site at http://service.real.com/help/faq/security/memory.html |
| Related URL | CVE-2000-1181 (CVE) |
| Related URL | 1957 (SecurityFocus) |
| Related URL | 5538 (ISS) |