Intrusion Prevention

RealNetworks.Helix.Server.Content.Length.DoS

Description

It indicates a possible exploit of Denial of Service Vulnerability in RealNetworks Helix Universal Server.


RealNetworks Helix Universal Server is a streaming audio server that supports all major media file formats. A Denial of Service vulnerability is reported in it that may be exploited by an attacker via a POST request with a Content-Length header set to -1. The problem surrounds the mishandling of some POST headers values. An attacker can exploit this issue to cause the affected server to consume excessive computer resources and hang, denying service to legitimate users.

Affected Products

Real Networks Helix Universal Mobile Server 10.3.1 .716 , Helix Universal Gateway 9.0.2 .881 and earlier versions.

Impact

Denial of Service.

Recommended Actions

Apply patch according to vendor advisory http://www.service.real.com/help/faq/security/security100704.html

CVE References

CVE-2004-0774