RealNetworks Helix Server < 13.0.0 Multiple Remote DoS

Medium Nessus Plugin ID 40350


The remote media streaming server is affected by multiple denial of service vulnerabilities.


According to its banner, The remote host is running version 12.x of RealNetworks Helix Server / Helix Mobile Server. Such versions are reportedly affected by multiple issues :

- By sending a specially crafted 'RTSP' (SET_PARAMETERS) request with a 'DataConvertBuffer' parameter and either no 'Content-Length' header or an invalid 'Content-Length' header, an attacker may be able to crash the remote Helix server process. (CVE-2009-2533)

- By sending a 'SETUP' request without including a '/' character in it, a remote attacker may be able to crash the remote Helix server process. (CVE-2009-2534)


Update to RealNetworks Helix Server / Helix Mobile Server 13.0.0 or later.

See Also

Plugin Details

Severity: Medium

ID: 40350

File Name: helix_svr_13_multiple.nasl

Version: $Revision: 1.7 $

Type: remote

Family: Misc.

Published: 2009/07/21

Modified: 2016/10/10

Dependencies: 10762

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/07/14

Vulnerability Publication Date: 2009/07/17

Reference Information

CVE: CVE-2009-2533, CVE-2009-2534

BID: 35731, 35732

OSVDB: 55981, 55982

Secunia: 35815

CWE: 20