RealServer内部IP地址泄漏漏洞

漏洞信息详情

RealServer内部IP地址泄漏漏洞

• CNNVD编号：CNNVD-200003-015
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2000-0185
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2000-03-08
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-01-05
  
• 厂        商：
  
  realnetworks
• 漏洞来源：
  Posted to Bugtraq …

RealMedia RealServer 泄露Real Server的真正IP地址，即使这个地址应该是私有的。

Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Real Networks’ response:
1. Add the following line to the end of your rmserver.cfg:

2. In the URL add the text “?usehostname” so that your URL will look like:
http://demos.real.com:8080/ramgen/g2video.rm?usehostname
The variable is only supported in
the RealServer 6.1 Beta version.

来源: BID
名称: 1049
链接:http://www.securityfocus.com/bid/1049

来源: BUGTRAQ
名称: 20000308 RealServer exposes internal IP addresses
链接:http://archives.neohapsis.com/archives/bugtraq/2000-03/0069.html