Mbeccati

#42916 of 53,622
6.1 Total CVSS
Vulnerabilities · 1
PT-2021-15246
6.1
2021-01-21
Unknown · Revive Adserver · CVE-2021-22873
**Name of the Vulnerable Software and Affected Versions**

Revive Adserver versions prior to 5.1.0

**Description**

The issue allows for open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the "lg.php" and "ck.php" delivery scripts. This functionality was previously available by design to enable third-party ad servers to track metrics when delivering ads. However, with third-party click tracking via redirects no longer being a viable option, this open redirect functionality has been removed and is now considered a vulnerability.

**Recommendations**

For versions prior to 5.1.0, update to version 5.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `lg.php` and `ck.php` delivery scripts to minimize the risk of exploitation. Avoid using the `dest`, `oadest`, and `ct0` parameters in these scripts until the issue is resolved.
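
While the upgrade is pending, web server access logs can be reviewed for requests to the two delivery scripts whose redirect parameter points off-site. The following is an added example, not code from Revive Adserver or from this advisory. It assumes combined-format access logs, an operator-supplied set of trusted hosts, and parameters passed as ordinary query-string fields; the function names, sample paths and hosts are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

SCRIPTS = {"lg.php", "ck.php"}        # delivery scripts named in the advisory
PARAMS = ("dest", "oadest", "ct0")    # redirect parameters named in the advisory
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def offsite_host(value, trusted):
    """Return the host a redirect value points to if it is not trusted, else None."""
    try:
        # Browsers treat "\" like "/", so normalise before parsing.
        host = urlsplit(value.strip().replace("\\", "/")).hostname
    except ValueError:
        return "<unparseable>"        # malformed authority: flag for review
    host = (host or "").lower()       # relative paths have no host
    return host if host and host not in trusted else None

def find_offsite_redirects(log_lines, trusted_hosts):
    """Return (line_no, script, param, host) for each off-site redirect request."""
    trusted = {h.lower() for h in trusted_hosts}
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        path, _, query = match.group(1).partition("?")
        script = path.rsplit("/", 1)[-1].lower()
        if script not in SCRIPTS:
            continue
        params = parse_qs(query)      # percent-decodes each value
        for name in PARAMS:
            for value in params.get(name, []):
                host = offsite_host(value, trusted)
                if host:
                    hits.append((line_no, script, name, host))
    return hits

# Constructed access-log lines (combined log format); hosts and paths are made up.
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Jan/2021:10:00:01 +0000] "GET /adserver/ck.php?bannerid=3&oadest=https%3A%2F%2Fads.example.com%2Fpromo HTTP/1.1" 302 0',
    '203.0.113.8 - - [21/Jan/2021:10:00:02 +0000] "GET /adserver/ck.php?bannerid=3&oadest=https%3A%2F%2Flogin.example.net%2Freset HTTP/1.1" 302 0',
    '203.0.113.9 - - [21/Jan/2021:10:00:03 +0000] "GET /adserver/lg.php?bannerid=3&ct0=%2F%2Fcdn.example.org%2Fx HTTP/1.1" 302 0',
    '203.0.113.9 - - [21/Jan/2021:10:00:04 +0000] "GET /index.php?dest=https%3A%2F%2Flogin.example.net HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in find_offsite_redirects(SAMPLE_LOG, {"ads.example.com"}):
        print(hit)
```

Scheme-relative values such as `//host/path` are treated as off-site because browsers resolve them to another host, while relative paths are not flagged.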