Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1985

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2012-1985
Last Modified 13 Aug 2012 11:36:53
Published 17 Apr 2012 12:26:08
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-1985

Summary

Cross-site request forgery (CSRF) vulnerability in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to hijack the authentication of administrators for requests that cause a denial of service (stack consumption and daemon crash) via a malformed URL.

Vulnerable Systems

Application

  • Realnetworks Helix Mobile Server 14.0.0

  • Realnetworks Helix Mobile Server 14.0.1

  • Realnetworks Helix Server 14.0.0

  • Realnetworks Helix Server 14.0.1

  • Realnetworks Helix Server 14.2

  • Realnetworks Helix Server 14.2.0.212


References

CONFIRM - http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf

BID - 52929


Last Updated: 27 May 2016 10:58:24