CVE-2016-9470

Name of the Vulnerable Software and Affected Versions Revive Adserver versions prior to 3.2.5 Revive Adserver versions prior to 4.0.0

Description The issue allows attackers to gain control over a victim's machine through a Reflected File Download (RFD) web attack vector. This is achieved by virtually downloading a file from a trusted domain. The "www/delivery/asyncspc.php" endpoint was vulnerable to this attack.

Recommendations For Revive Adserver versions prior to 3.2.5, update to version 3.2.5 or later. For Revive Adserver versions prior to 4.0.0, update to version 4.0.0 or later. As a temporary workaround, consider restricting access to the "www/delivery/asyncspc.php" endpoint until a patch is available.