CVE-2004-0389 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null dereference, as demonstrated using (1) GET_PARAMETER or (2) DESCRIBE requests.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Realnetworks	Helix Universal Server	9.0.1

Related Weaknesses (CWE)

CWE-476

References

http://secunia.com/advisories/11395Broken LinkVendor Advisory
http://www.idefense.com/application/poi/display?id=102&type=vulnerabilitiesBroken LinkExploitPatch
http://www.securityfocus.com/bid/10157Broken LinkExploitThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15880Third Party AdvisoryVDB Entry
http://secunia.com/advisories/11395Broken LinkVendor Advisory
http://www.idefense.com/application/poi/display?id=102&type=vulnerabilitiesBroken LinkExploitPatch
http://www.securityfocus.com/bid/10157Broken LinkExploitThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15880Third Party AdvisoryVDB Entry

FAQ

What is CVE-2004-0389?

CVE-2004-0389 is a vulnerability with a CVSS score of 7.5 (HIGH). RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null dereference, as demonstrated using (1) GET_P...

How severe is CVE-2004-0389?

CVE-2004-0389 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2004-0389?

Check the references section above for vendor advisories and patch information. Affected products include: Realnetworks Helix Universal Server.