RealNetworks Helix Universal Server Denial of Service Vulnerability

Friday, October 08 2004 @ 10:19 AM EDT

A vulnerability has been reported in Helix Universal Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused by insufficient validation of HTTP requests. A specially crafted POST request with the "Content-Length" header set to -1 causes a vulnerable server to consume a large amount of memory and CPU resources.
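A server-side check that refuses the request shape described above before the header value is used for anything, as an added example (not RealNetworks code and not part of the original advisory). The function names, status codes and the 8 MiB body cap are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
#define MAX_BODY_BYTES (8u * 1024u * 1024u) /* assumed policy cap, not a Helix setting */
enum cl_status { CL_OK, CL_MISSING, CL_MALFORMED, CL_TOO_LARGE, CL_DUPLICATE };

/* Strict value parse: digits only, so "-1", "+5" and "0x10" never become a length. */
static enum cl_status parse_content_length(const char *v, size_t len, uint64_t *out)
{
    uint64_t n = 0;
    while (len && (*v == ' ' || *v == '\t')) { v++; len--; }
    while (len && (v[len - 1] == ' ' || v[len - 1] == '\t' || v[len - 1] == '\r')) len--;
    if (len == 0) return CL_MALFORMED;
    for (size_t i = 0; i < len; i++) {
        if (v[i] < '0' || v[i] > '9') return CL_MALFORMED;
        if (n > MAX_BODY_BYTES) return CL_TOO_LARGE; /* stop before n can overflow */
        n = n * 10 + (uint64_t)(v[i] - '0');
    }
    if (n > MAX_BODY_BYTES) return CL_TOO_LARGE;
    *out = n;
    return CL_OK;
}

/* Walk the header lines after the request line; a repeated Content-Length is refused. */
enum cl_status check_request_head(const char *head, uint64_t *out)
{
    static const char name[] = "content-length:";
    const size_t nlen = sizeof name - 1;
    enum cl_status st = CL_MISSING;
    const char *line = strchr(head, '\n');
    while (line && *++line && *line != '\r' && *line != '\n') {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len >= nlen && strncasecmp(line, name, nlen) == 0) {
            if (st != CL_MISSING) return CL_DUPLICATE;
            st = parse_content_length(line + nlen, len - nlen, out);
            if (st != CL_OK) return st;
        }
        line = eol;
    }
    return st;
}

int main(void)
{
    uint64_t n = 0; /* the request head below is constructed sample input */
    printf("status=%d\n", (int)check_request_head("POST / HTTP/1.0\r\nContent-Length: -1\r\n\r\n", &n));
    return 0;
}
```

A front-end proxy or the server's own request parser would answer any status other than CL_OK with a 400-class response and close the connection.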

The vulnerability has been reported in:
* Helix Universal Mobile Server & Gateway, versions 10.3.1.716 and prior.
* Helix Universal Server, version 9.0.4.958 and prior.

SOFTWARE:
Helix Universal Mobile Server 10.x
Helix Universal Server 9.x

SOLUTION:
Apply updates.

-- Helix Universal Server 9.04 (9.0.4.960) --

Linux:
http://forms.real.com/rnforms/products/servers/download/...&version=Helix+Universal+Server

Sun Solaris 2.8:
http://forms.real.com/rnforms/products/servers/download/...&version=Helix+Universal+Server

Windows:
http://forms.real.com/rnforms/products/servers/download/...&version=Helix+Universal+Server


-- Helix Mobile Universal Server and Gateway 10.04.1226 --

http://service.real.com/pam/

PROVIDED AND/OR DISCOVERED BY:
Discovered by an anonymous person and reported via iDEFENSE.

ORIGINAL ADVISORY:
Real Networks:
http://service.real.com/help/faq/security/security100704.html

iDEFENSE:
http://www.idefense.com/application/poi/display?id=151&type=vulnerabilities
