GEN:SID | 1:278 |
Message | DOS Real Server template.html |
Summary | This event is generated when a remote attacker transmits a malformed request for a page on a web server port, which can indicate a Denial of Service (DoS) attack on a RealNetworks RealServer.
|
Impact | The RealNetworks RealServer service will crash.
|
Detailed Information | RealNetworks RealServer is a server application that serves streaming audio to clients. When an attacker sends a request for a template file in the /viewsource/ directory with an empty variable value, RealServer crashes.
|
Affected Systems | Systems running RealNetworks RealServer 7.0 with View Source functionality enabled.
|
Attack Scenarios | An attacker sends an HTTP request for /viewsource/template.html? on a RealServer audio server. RealServer crashes, stopping audio transmission.
|
Ease of Attack | Simple.
|
Corrective Action | Upgrade to the latest version of the software or disable the View Source functionality. The vendor has issued an advisory, workarounds, and downloadable patches at http://service.real.com/help/faq/servgviewsrc.html.
|
Additional References | RealNetworks http://service.real.com/help/faq/servgviewsrc.html
|
Rule References | bugtraq: 1288
cve: 2000-0474
|