Helix RealServer Remote Integer Handling DoS
High Nessus Network Monitor Plugin ID 2357
Synopsis: The remote host is vulnerable to a Denial of Service (DoS) attack.
Description: RealServer versions 188.8.131.528 and prior, as well as 10.3.1.716 and prior, are vulnerable to a remote Denial of Service (DoS) attack when they are presented with an invalid (negative) integer in the Content-Length field. To exploit this flaw, an attacker would need to be able to connect to the RealServer (default port 554) and issue a malformed request. A successful attack would consume large amounts of memory on the RealServer, eventually making the server unavailable.
Solution: Upgrade to version 184.108.40.2060, 10.3.1.718 or higher.
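
A defender-side check for the malformed header described above, as an added example (not the plugin's own logic or vendor code): it inspects the header section of a request seen on port 554 and reports a negative Content-Length, and goes slightly beyond the page by also flagging non-numeric, oversized and duplicated values. The function name, the 1 MiB ceiling and the sample requests are assumptions constructed for illustration.

```python
import re

# Header names are case-insensitive; RTSP uses HTTP-style "Name: value" lines.
_CL = re.compile(rb"^content-length[ \t]*:[ \t]*(.*?)[ \t]*$", re.I)
MAX_BODY = 1 << 20  # assumed policy ceiling for a request body (1 MiB)


def check_content_length(request: bytes) -> list[str]:
    """Return findings for the header section of one RTSP request."""
    head = request.split(b"\r\n\r\n", 1)[0]
    findings, seen = [], 0
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        m = _CL.match(line)
        if not m:
            continue
        seen += 1
        value = m.group(1)
        if not value.isdigit():  # rejects b"-1", b"+5", b"" and b"0x10"
            negative = value[:1] == b"-" and value[1:].isdigit()
            kind = "negative" if negative else "non-numeric"
            findings.append(f"{kind} Content-Length: {value!r}")
        elif int(value) > MAX_BODY:
            findings.append(f"oversized Content-Length: {int(value)}")
    if seen > 1:
        findings.append("duplicate Content-Length headers")
    return findings


# Constructed sample requests (not captured traffic); host name is a placeholder.
SAMPLES = {
    "ok": b"DESCRIBE rtsp://media.example/a.rm RTSP/1.0\r\n"
          b"CSeq: 1\r\nContent-Length: 0\r\n\r\n",
    "negative": b"DESCRIBE rtsp://media.example/a.rm RTSP/1.0\r\n"
                b"CSeq: 2\r\nContent-Length: -1\r\n\r\n",
    "huge": b"SET_PARAMETER rtsp://media.example/a.rm RTSP/1.0\r\n"
            b"CSeq: 3\r\ncontent-length: 4294967295\r\n\r\n",
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(name, check_content_length(req))
```

The same validation can sit in a reverse proxy or IDS rule in front of an unpatched server until the upgrade is applied.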