CVE-2009-2534

Exploit

EPSS 11.17%
Veröffentlicht 20.07.2009 17:30:57
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allow remote attackers to cause a denial of service (daemon crash) via an RTSP SETUP request that (1) specifies the / URI or (2) lacks a / character in the URI.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Realnetworks ≫ Helix Server Version <= 12.0.1

Realnetworks ≫ Helix Server Version11.0

Realnetworks ≫ Helix Server Version12.0.0

Realnetworks ≫ Helix Server Mobile Version <= 12.0.0

Realnetworks ≫ Helix Server Mobile Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	11.17%	0.928

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://docs.real.com/docs/security/SecurityUpdate071409HS.pdf

http://www.coresecurity.com/content/real-helix-dna

Exploit

http://www.exploit-db.com/exploits/9198

http://www.securityfocus.com/archive/1/505083/100/0/threaded

http://www.vupen.com/english/advisories/2009/1947

http://osvdb.org/55982

http://www.securityfocus.com/bid/35732

https://nvd.nist.gov/vuln/detail/CVE-2009-2534

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2534

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2534

EUVD