PT-2017-10146 · Revive Adserver Team · Revive Adserver

Decidedlygray · Published 2017-03-28 · Updated 2017-03-30 · CVE-2016-9455

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Revive Adserver versions prior to 3.2.3

Description

The issue affects the user interface of Revive Adserver, where several scripts are susceptible to Cross-Site Request Forgery (CSRF) attacks. The vulnerable scripts include www/admin/banner-acl.php, www/admin/banner-activate.php, www/admin/banner-advanced.php, www/admin/banner-modify.php, www/admin/banner-swf.php, www/admin/banner-zone.php, and www/admin/tracker-modify.php.

Recommendations

For Revive Adserver versions prior to 3.2.3, update to version 3.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable scripts until the update can be applied.

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2016-9455

Affected Products

Revive Adserver