Signature Detail

Short Name	RTSP:SETUP-EMPTY
Severity	Medium
Recommended	No
Category	RTSP
Keywords	Empty Setup String
Release Date	2009/08/06
Update Number	1479
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

RTSP: Empty Setup String

This signature detects attempts to exploit a known vulnerability against Real Media stream server. A successful attack can result in a denial-of-service condition.

Extended Description

RealNetworks Helix Server is prone to a remote denial-of-service vulnerability because it fails to properly handle invalid requests. Exploiting this issue allows remote attackers to cause the server to crash, effectively denying service to legitimate users. These issues affect versions prior to Helix Server and Helix Mobile Server 13.0.0.

Affected Products

Real Networks Helix Mobile Server 11.1.2
Real Networks Helix Mobile Server 11.1.4
Real Networks Helix Mobile Server 11.1.6
Real Networks Helix Mobile Server 11.1.7
Real Networks Helix Mobile Server 11.1.8
Real Networks Helix Mobile Server 12.0.0
Real Networks Helix Mobile Server 12.0.1
Real Networks Helix Mobile Server 12.0.1 .215
Real Networks Helix Server 11.1.2
Real Networks Helix Server 11.1.4
Real Networks Helix Server 11.1.6
Real Networks Helix Server 11.1.7
Real Networks Helix Server 11.1.8
Real Networks Helix Server 12.0.0
Real Networks Helix Server 12.0.1
Real Networks Helix Server 12.0.1 .215

References

BugTraq: 35732
CVE: CVE-2009-2534

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

RTSP: Empty Setup String

Extended Description

Affected Products

References