PT-2017-10162 · Revive Adserver Team · Revive Adserver

Joel Noguera · Published 2017-03-28 · Updated 2019-10-09 · CVE-2016-9471

CVSS v3.1: 3.1 (Low)

Vector: AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Revive Adserver versions prior to 3.2.5
Revive Adserver versions prior to 4.0.0

Description

The issue concerns Special Element Injection due to improper sanitization of usernames when creating users on a Revive Adserver instance. Specifically, control characters were not filtered, allowing multiple usernames that appear identical to co-exist in the system. This could be exploited for user spoofing, although it requires elevated privileges to create users within Revive Adserver.

Recommendations

For Revive Adserver versions prior to 3.2.5, update to version 3.2.5 or later. For Revive Adserver versions prior to 4.0.0, update to version 4.0.0 or later.
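
An added example, not Revive Adserver's own code or its actual fix: a Python check for the condition in the Description, rejecting usernames that contain control characters at creation time and auditing an existing user list for accounts that display identically. The function names, the sample usernames and the extra coverage of Unicode format characters (category Cf) are assumptions made here.

```python
import unicodedata
from collections import defaultdict

# Unicode general categories treated as invisible in a rendered username:
# Cc = control characters (the class named in the advisory),
# Cf = format characters such as zero-width space (assumption added here).
INVISIBLE_CATEGORIES = {"Cc", "Cf"}


def invisible_chars(username):
    """Return (index, code point) for every invisible character in username."""
    return [
        (i, f"U+{ord(ch):04X}")
        for i, ch in enumerate(username)
        if unicodedata.category(ch) in INVISIBLE_CATEGORIES
    ]


def visible_form(username):
    """The name as it would typically be displayed: invisible characters dropped."""
    return "".join(
        ch for ch in username
        if unicodedata.category(ch) not in INVISIBLE_CATEGORIES
    )


def is_acceptable(username):
    """Creation-time check: reject empty names and names with invisible characters."""
    return bool(username) and not invisible_chars(username)


def audit(usernames):
    """Group stored usernames by visible form and return the suspicious groups."""
    groups = defaultdict(list)
    for name in usernames:
        groups[visible_form(name)].append(name)
    return {
        shown: names for shown, names in groups.items()
        if len(names) > 1 or any(invisible_chars(n) for n in names)
    }


# Constructed sample data, not taken from any real installation.
SAMPLE_USERS = ["admin", "admin\x00", "adm\x7fin", "editor", "report\u200bs", "viewer"]

if __name__ == "__main__":
    for shown, names in audit(SAMPLE_USERS).items():
        print(f"{shown!r}: {[(n, invisible_chars(n)) for n in names]}")
```

Running `audit` over an export of the user table lists each displayed name that maps to more than one stored account, along with the position and code point of every hidden character.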

Fix

Weakness Enumeration

Related Identifiers

CVE-2016-9471

Affected Products

Revive Adserver