Helix Server < 11.1.4 RTSP Command Multiple Requires Overflow
High Nessus Network Monitor Plugin ID 4192
Synopsis: The remote RTSP server is prone to a buffer overflow.
Description: The remote host is running Helix Server or Helix DNA Server, a media streaming server. The version of the Helix server installed on the remote host reportedly contains a heap overflow that is triggered by an RTSP command with multiple 'Require' headers. An unauthenticated remote attacker can leverage this flaw to execute arbitrary code with the privileges under which the server runs, by default LOCAL SYSTEM on Windows.
Solution: Upgrade to Helix Server / Helix DNA Server version 11.1.4 or higher.
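
Until the upgrade is in place, captured RTSP traffic can be triaged for the condition the description names. The following is an added example, not part of the plugin or of any vendor code: it parses RTSP request heads and flags requests carrying more than one 'Require' header line. The function names, the threshold and the sample traffic are assumptions made for illustration; repeated headers are syntactically legal in RTSP, so a hit is a signal for review rather than proof of an attack.

```python
import re

# RTSP request line, e.g. b"DESCRIBE rtsp://host/stream RTSP/1.0"
REQUEST_LINE = re.compile(rb"^([A-Z_]+) (\S+) RTSP/\d\.\d$")

def parse_rtsp_request(raw):
    """Return (method, uri, [(name, value), ...]) or None if raw is not an RTSP request."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    # Unfold continuation lines so a folded header is not miscounted.
    head = re.sub(rb"\r\n[ \t]+", b" ", head)
    lines = head.split(b"\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        return None
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:  # header names are case-insensitive, so normalise to lower case
            headers.append((name.strip().lower().decode("latin-1"),
                            value.strip().decode("latin-1")))
    return m.group(1).decode("ascii"), m.group(2).decode("latin-1"), headers

def require_count(raw):
    """Number of separate Require header lines in one request (0 if not RTSP)."""
    parsed = parse_rtsp_request(raw)
    return 0 if parsed is None else sum(1 for n, _ in parsed[2] if n == "require")

def flag_requests(captured, threshold=1):
    """captured: iterable of (source_ip, raw_request). Flag requests above threshold."""
    alerts = []
    for src, raw in captured:
        parsed = parse_rtsp_request(raw)
        count = require_count(raw)
        if parsed and count > threshold:
            alerts.append({"src": src, "method": parsed[0], "require_headers": count})
    return alerts

# Constructed sample traffic (documentation addresses, made-up option tags).
SAMPLES = [
    ("192.0.2.10", b"DESCRIBE rtsp://media.example/a.rm RTSP/1.0\r\nCSeq: 1\r\n"
                   b"Require: example-feature\r\n\r\n"),
    ("192.0.2.77", b"DESCRIBE rtsp://media.example/a.rm RTSP/1.0\r\nCSeq: 1\r\n"
                   b"Require: example-a\r\nrequire: example-b\r\n\r\n"),
    ("192.0.2.80", b"GET / HTTP/1.1\r\nHost: media.example\r\n\r\n"),
]

if __name__ == "__main__":
    for alert in flag_requests(SAMPLES):
        print(alert)
```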