cbcvebase.
CVE-2004-0389
published 2004-06-01

CVE-2004-0389: RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null…

PriorityP343high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EXPLOIT
EPSS
52.49%
98.8th percentile
RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null dereference, as demonstrated using (1) GET_PARAMETER or (2) DESCRIBE requests.

Affected

2 ranges
VendorProductVersion rangeFixed in
realnetworkshelix_universal_server
realnetworkshelix_universal_server

Detection & IOCsextracted from sources · hover to see the quote

commandecho -e "GET_PARAMETER / RTSP/1.0\n\n" | nc -v localhost 554
commandecho -e "DESCRIBE / RTSP/1.0\nSession:\n\n" | nc -v localhost 554
port554
  • Detect malformed RTSP GET_PARAMETER requests with no headers/body sent to port 554 — a bare 'GET_PARAMETER / RTSP/1.0' with only a double newline is the DoS trigger.
  • Detect malformed RTSP DESCRIBE requests containing a 'Session:' header with an empty/null value sent to port 554 — this triggers the null dereference crash.
  • Monitor RTSP traffic on port 554 for requests that trigger null dereference conditions; specifically malformed GET_PARAMETER or DESCRIBE methods with missing or empty Session headers.
  • ·The vulnerability affects only RealNetworks Helix Universal Server versions 9.0.1 and 9.0.2; detection rules targeting these RTSP anomalies should be scoped to environments running these specific versions to reduce false positives.
  • ·The attack vector is the RTSP protocol (Real-Time Streaming Protocol); ensure network monitoring covers RTSP port 554 specifically, as the DoS is triggered via RTSP method abuse rather than HTTP.

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.