CVE-2012-1985
RealNetworks Helix Server and Helix Mobile Server 14.x - Cross-Site Request Forgery via Malformed URL
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to hijack the authentication of administrators for requests that cause a denial of service (stack consumption and daemon crash) via a malformed URL.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/52929
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/74678
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1026898
Vendor Advisory x_refsource_confirm
http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf
Scores
EPSS
0.0022
EPSS Percentile
44.5%
Details
CWE
CWE-352
Status
published
Products (6)
realnetworks/helix_mobile_server
14.0.0
realnetworks/helix_mobile_server
14.0.1
realnetworks/helix_server
14.0.0
realnetworks/helix_server
14.0.1
realnetworks/helix_server
14.2
realnetworks/helix_server
14.2.0.212
Published
Apr 17, 2012
Tracked Since
Feb 18, 2026