CVE-2004-0389
published 2004-06-01CVE-2004-0389: RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null…
PriorityP343high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EXPLOIT
EPSS
52.49%
98.8th percentile
RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null dereference, as demonstrated using (1) GET_PARAMETER or (2) DESCRIBE requests.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| realnetworks | helix_universal_server | — | — |
| realnetworks | helix_universal_server | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect malformed RTSP GET_PARAMETER requests with no headers/body sent to port 554 — a bare 'GET_PARAMETER / RTSP/1.0' with only a double newline is the DoS trigger. ↗
- →Detect malformed RTSP DESCRIBE requests containing a 'Session:' header with an empty/null value sent to port 554 — this triggers the null dereference crash. ↗
- →Monitor RTSP traffic on port 554 for requests that trigger null dereference conditions; specifically malformed GET_PARAMETER or DESCRIBE methods with missing or empty Session headers. ↗
- ·The vulnerability affects only RealNetworks Helix Universal Server versions 9.0.1 and 9.0.2; detection rules targeting these RTSP anomalies should be scoped to environments running these specific versions to reduce false positives. ↗
- ·The attack vector is the RTSP protocol (Real-Time Streaming Protocol); ensure network monitoring covers RTSP port 554 specifically, as the DoS is triggered via RTSP method abuse rather than HTTP. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/11395http://www.idefense.com/application/poi/display?id=102&type=vulnerabilitieshttp://www.securityfocus.com/bid/10157https://exchange.xforce.ibmcloud.com/vulnerabilities/15880http://secunia.com/advisories/11395http://www.idefense.com/application/poi/display?id=102&type=vulnerabilitieshttp://www.securityfocus.com/bid/10157https://exchange.xforce.ibmcloud.com/vulnerabilities/15880
2004-06-01
Published