RealNetworks.Helix.Server.Content.Length.DoS

description-logoDescription

It indicates a possible exploit of Denial of Service Vulnerability in RealNetworks Helix Universal Server.


RealNetworks Helix Universal Server is a streaming audio server that supports all major media file formats. A Denial of Service vulnerability is reported in it that may be exploited by an attacker via a POST request with a Content-Length header set to -1. The problem surrounds the mishandling of some POST headers values. An attacker can exploit this issue to cause the affected server to consume excessive computer resources and hang, denying service to legitimate users.

affected-products-logoAffected Products

Real Networks Helix Universal Mobile Server 10.3.1 .716 , Helix Universal Gateway 9.0.2 .881 and earlier versions.

Impact logoImpact

Denial of Service.

recomended-action-logoRecommended Actions

Apply patch according to vendor advisory http://www.service.real.com/help/faq/security/security100704.html

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)