VID 22293
Severity 30
Port 7070,8080
Protocol TCP
Class WWW
Detailed Description The Helix Universal Server, according to its version number, is affected by a denial-of-service vulnerability triggered by a malformed POST request. RealNetworks' Helix Universal Server is a streaming audio server that supports all major media file formats. Helix Universal Server version 9.0.4.958 and earlier and Helix Universal Mobile Server & Gateway version 10.3.1.716 and earlier are vulnerable to a denial-of-service attack caused by the mishandling of certain POST header values. A remote attacker can exploit this vulnerability to cause the affected server to consume excessive system resources and hang, denying service to legitimate users.

* Note: This check relies solely on the version number of the remote Helix Universal Server to assess this vulnerability, so the result may be a false positive.

* References:
http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0182.html
http://www.idefense.com/application/poi/display?id=151&type=vulnerabilities

* Platforms Affected:
RealNetworks, Inc., Helix Universal Mobile Server & Gateway 10.3.1.716 and prior
RealNetworks, Inc., Helix Universal Server 9.0.4.958 and prior
Linux Any version
Unix Any version
Microsoft Windows Any version
Recommendation Upgrade to the latest version of Helix Universal Server (Helix Universal Server 9.0.4.960 or later and Helix Mobile Universal Server and Gateway 10.04.1226 or later), as listed in the RealNetworks, Inc. Security Advisory at http://service.real.com/help/faq/security/security100704.html
Related URL CVE-2004-0774 (CVE)
Related URL 11352 (SecurityFocus)
Related URL 17648 (ISS)