5
CVE-2009-2534
- EPSS 8.83%
- Veröffentlicht 20.07.2009 17:30:57
- Zuletzt bearbeitet 16.06.2026 23:09:39
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allow remote attackers to cause a denial of service (daemon crash) via an RTSP SETUP request that (1) specifies the / URI or (2) lacks a / character in the URI.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Realnetworks ≫ Helix Server Version <= 12.0.1
Realnetworks ≫ Helix Server Version11.0
Realnetworks ≫ Helix Server Version12.0.0
Realnetworks ≫ Helix Server Mobile Version <= 12.0.0
Realnetworks ≫ Helix Server Mobile Version11.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.83% | 0.945 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://docs.real.com/docs/security/SecurityUpdate071409HS.pdf
http://www.coresecurity.com/content/real-helix-dna
http://www.exploit-db.com/exploits/9198
http://www.securityfocus.com/archive/1/505083/100/0/threaded
http://www.vupen.com/english/advisories/2009/1947
http://osvdb.org/55982
http://www.securityfocus.com/bid/35732