This script is Copyright (C) 2009-2011 Tenable Network Security, Inc.
The remote media streaming server is affected by multiple denial of
According to its banner, The remote host is running version 12.x of
RealNetworks Helix Server / Helix Mobile Server. Such versions are
reportedly affected by multiple issues :
- By sending a specially crafted 'RTSP' (SET_PARAMETERS)
request with a 'DataConvertBuffer' parameter and either
no 'Content-Length' header or an invalid 'Content-Length'
header, an attacker may be able to crash the remote Helix
server process. (CVE-2009-2533)
- By sending a 'SETUP' request without including a '/'
character in it, a remote attacker may be able to crash
the remote Helix server process. (CVE-2009-2534)
See also :
Update to RealNetworks Helix Server / Helix Mobile Server 13.0.0 or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true
Nessus Plugin ID: 40350 (helix_svr_13_multiple.nasl)
Bugtraq ID: 3573135732
CVE ID: CVE-2009-2533CVE-2009-2534
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.