TVMOBiLi Media Server Multiple Remote DoS Vulnerabilities
|Product:||TVMOBiLi media server|
|Vulnerable Versions:||188.8.131.5257 and probably prior version|
|Tested Version:||184.108.40.20657 in Windows XP SP3 32 bits|
|Advisory Publication:||October 15, 2012 [without technical details]|
|Vendor Notification:||October 15, 2012|
|Vendor Fix:||November 21, 2012|
|Public Disclosure:||December 5, 2012|
|Latest Update:||November 27, 2012|
|Vulnerability Type:||Improper Handling of Length Parameter Inconsistency [CWE-130]|
|CVSSv2 Base Score:||5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)|
|Solution Status:||Fixed by Vendor|
|Discovered and Provided:||High-Tech Bridge Security Research Lab|
High-Tech Bridge Security Research Lab has discovered 2 remote DoS vulnerabilities in TVMOBiLi Media server, which could be exploited to crash remote server with malicious HTTP requests.
|Upgrade to TVMOBiLi 220.127.116.1174|
| High-Tech Bridge Advisory HTB23120 - https://www.htbridge.com/advisory/HTB23120 - TvMobili Media Server Multiple Remote DoS Vulnerabilities.|
 TVMOBiLi LTD - http://www.tvmobili.com - TVMOBiLi is a free Media server for Mac, Windows, and Linux Operating Systems.
 Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
 Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
Please feel free to send us any additional information related to this Advisory, such as vulnerable versions, additional exploitation details and conditions, patches and other relevant details.