| Vulnerability Name: | CVE-2002-1643 (CCN-10915) |
| Assigned: | 2002-12-19 |
| Published: | 2002-12-19 |
| Updated: | 2017-12-23 |
| Summary: | Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 (9.0.2.768) allow remote attackers to execute arbitrary code via (1) a long Transport field in a SETUP RTSP request, (2) a DESCRIBE RTSP request with a long URL argument, or (3) two simultaneous HTTP GET requests with long arguments. |
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) |
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) |
| Vulnerability Type: | CWE-Other |
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE Type: CNA CVE-2002-1643 |
| | Source: CCN Type: US-CERT VU#329561 RealNetworks Helix Universal Server vulnerable to buffer overflow when supplied an overly long string within the Transport field of a SETUP RTSP request |
| | Source: CCN Type: US-CERT VU#974689 RealNetworks Helix Universal Server vulnerable to buffer overflow when sent two simultaneous HTTP requests containing a long string of characters |
| | Source: CERT-VN Type: Patch, Third Party Advisory, US Government Resource VU#974689 |
| | Source: CCN Type: NGSSoftware Insight Security Research Advisory #NISR20122002 Multiple Buffer overruns RealNetworks Helix Universal Server 9.0 |
| | Source: MISC Type: Vendor Advisory http://www.nextgenss.com/advisories/realhelix.txt |
| | Source: BUGTRAQ Type: Vendor Advisory 20021220 RealNetworks HELIX Server Buffer Overflow Vulnerabilities (#NISR20122002) |
| | Source: BID Type: Exploit, Patch 6454 |
| | Source: CCN Type: BID-6454 RealNetworks Helix Universal Server RTSP Transport Buffer Overflow Vulnerability |
| | Source: BID Type: Patch 6456 |
| | Source: CCN Type: BID-6456 RealNetworks Helix Universal Server RTSP Describe Buffer Overflow Vulnerability |
| | Source: BID Type: Patch 6458 |
| | Source: CCN Type: BID-6458 RealNetworks Helix Universal Server Long URI Dual HTTP Request Buffer Overflow Vulnerability |
| | Source: CCN Type: BID-7020 Real Networks Helix Universal Server/RealServer RTSP URI Handling Buffer Overflow Vulnerabilities |
| | Source: CCN Type: RealNetworks Support Web site Potential Buffer Overrun Vulnerabilities in Helix Universal Server 8.01 |
| | Source: CCN Type: RealNetworks Support Web site Potential Buffer Overrun Vulnerabilities in Helix Universal Server 9.0 |
| | Source: CONFIRM Type: Patch http://www.service.real.com/help/faq/security/bufferoverrun12192002.html |
| | Source: XF Type: UNKNOWN helix-rtsp-setup-bo(10915) |
| | Source: XF Type: UNKNOWN helix-rtsp-describe-bo(10916) |
| | Source: XF Type: UNKNOWN helix-http-get-bo(10917) |
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable |

| Vulnerability Name: | CVE-2002-1643 (CCN-10916) |
| Assigned: | 2002-12-19 |
| Published: | 2002-12-19 |
| Updated: | 2017-12-23 |
| Summary: | Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 (9.0.2.768) allow remote attackers to execute arbitrary code via (1) a long Transport field in a SETUP RTSP request, (2) a DESCRIBE RTSP request with a long URL argument, or (3) two simultaneous HTTP GET requests with long arguments. |
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) |
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) |
| Vulnerability Type: | CWE-Other |
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE Type: CNA CVE-2002-1643 |
| | Source: CCN Type: US-CERT VU#485057 RealNetworks Helix Universal Server vulnerable to buffer overflow when supplied an overly long string for the Describe field |
| | Source: CCN Type: US-CERT VU#974689 RealNetworks Helix Universal Server vulnerable to buffer overflow when sent two simultaneous HTTP requests containing a long string of characters |
| | Source: CCN Type: NGSSoftware Insight Security Research Advisory #NISR20122002 Multiple Buffer overruns RealNetworks Helix Universal Server 9.0 |
| | Source: CCN Type: BID-6454 RealNetworks Helix Universal Server RTSP Transport Buffer Overflow Vulnerability |
| | Source: CCN Type: BID-6456 RealNetworks Helix Universal Server RTSP Describe Buffer Overflow Vulnerability |
| | Source: CCN Type: BID-6458 RealNetworks Helix Universal Server Long URI Dual HTTP Request Buffer Overflow Vulnerability |
| | Source: CCN Type: BID-7020 Real Networks Helix Universal Server/RealServer RTSP URI Handling Buffer Overflow Vulnerabilities |
| | Source: CCN Type: RealNetworks Support Web site Potential Buffer Overrun Vulnerabilities in Helix Universal Server 9.0 |
| | Source: XF Type: UNKNOWN helix-rtsp-describe-bo(10916) |

| Vulnerability Name: | CVE-2002-1643 (CCN-10917) |
| Assigned: | 2002-12-20 |
| Published: | 2002-12-20 |
| Updated: | 2002-12-20 |
| Summary: | RealNetworks' Helix Universal Server is vulnerable to a buffer overflow, caused by improper handling of simultaneous HTTP requests. By sending two simultaneous overly long HTTP GET requests, a remote attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges. |
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) |
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) |
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE Type: CNA CVE-2002-1643 |
| | Source: CCN Type: US-CERT VU#974689 RealNetworks Helix Universal Server vulnerable to buffer overflow when sent two simultaneous HTTP requests containing a long string of characters |
| | Source: CCN Type: NGSSoftware Insight Security Research Advisory #NISR20122002 Multiple Buffer overruns RealNetworks Helix Universal Server 9.0 |
| | Source: CCN Type: BID-6454 RealNetworks Helix Universal Server RTSP Transport Buffer Overflow Vulnerability |
| | Source: CCN Type: BID-6456 RealNetworks Helix Universal Server RTSP Describe Buffer Overflow Vulnerability |
| | Source: CCN Type: BID-6458 RealNetworks Helix Universal Server Long URI Dual HTTP Request Buffer Overflow Vulnerability |
| | Source: CCN Type: BID-7020 Real Networks Helix Universal Server/RealServer RTSP URI Handling Buffer Overflow Vulnerabilities |
| | Source: CCN Type: RealNetworks Support Web site Potential Buffer Overrun Vulnerabilities in Helix Universal Server 9.0 |
| | Source: XF Type: UNKNOWN helix-http-get-bo(10917) |