
Helix RealServer Remote Integer Handling DoS

High

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack.

Description

RealServer versions 9.0.4.958 and prior, as well as 10.3.1.716 and prior, are vulnerable to a remote Denial of Service (DoS) attack when they are presented with an invalid (negative) integer in the Content-Length field. An attacker exploiting this flaw would need to be able to connect to the RealServer (default port 554) and issue a malformed request. A successful attack would consume large amounts of memory on the RealServer, eventually making the server unavailable.

Solution

Upgrade to version 9.0.4.960, 10.3.1.718 or higher.
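
The Description attributes the flaw to a negative Content-Length value. The following is an added example, not RealServer code and not part of the original advisory, showing strict validation of that header before any buffer is sized from it. The function names, the 1 MiB cap and the sample requests are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>

#define MAX_BODY_BYTES ((size_t)1 << 20) /* assumed 1 MiB cap, not a RealServer value */

/* Strict parse: unsigned decimal digits only, bounded by max. 0 = ok, -1 = reject. */
int parse_content_length(const char *v, size_t max, size_t *out)
{
    size_t n = 0;
    while (*v == ' ' || *v == '\t') v++;
    if (!isdigit((unsigned char)*v)) return -1;       /* "-1", "+5", empty */
    for (; isdigit((unsigned char)*v); v++) {
        size_t d = (size_t)(*v - '0');
        if (d > max || n > (max - d) / 10) return -1; /* above cap, so no wraparound */
        n = n * 10 + d;
    }
    while (*v == ' ' || *v == '\t' || *v == '\r') v++;
    if (*v != '\0' && *v != '\n') return -1;          /* trailing garbage */
    *out = n;
    return 0;
}

/* Case-insensitive match of the lowercase prefix p at the start of s. */
static int has_prefix_ci(const char *s, const char *p)
{
    for (; *p; s++, p++)
        if (tolower((unsigned char)*s) != *p) return 0;
    return 1;
}

/* Check one request's headers: 1 = proceed (*len set, 0 if absent), 0 = refuse. */
int request_length_ok(const char *req, size_t *len)
{
    *len = 0;
    while (*req && *req != '\r' && *req != '\n') {    /* stop at the blank line */
        if (has_prefix_ci(req, "content-length:") &&
            parse_content_length(req + 15, MAX_BODY_BYTES, len) != 0)
            return 0;
        while (*req && *req++ != '\n') { }            /* advance to the next line */
    }
    return 1;
}

int main(void)
{
    size_t len; /* the requests below are constructed samples, not captured traffic */
    int bad = request_length_ok("SET_PARAMETER rtsp://media.example/a RTSP/1.0\r\nContent-Length: -1\r\n\r\n", &len);
    int ok = request_length_ok("SET_PARAMETER rtsp://media.example/a RTSP/1.0\r\nContent-Length: 12\r\n\r\n", &len);
    return (bad == 0 && ok == 1 && len == 12) ? 0 : 1;
}
```

Parsing into an unsigned type with an explicit cap means a signed or oversized value is refused before it can reach an allocation size or a read loop.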