PT-2017-10146 · Revive Adserver Team · Revive Adserver
Decidedlygray
·
Published
2017-03-28
·
Updated
2017-03-30
·
CVE-2016-9455
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Revive Adserver versions prior to 3.2.3
Description
The issue affects the user interface of Revive Adserver, where several scripts are susceptible to Cross-Site Request Forgery (CSRF) attacks. The vulnerable scripts include
www/admin/banner-acl.php, www/admin/banner-activate.php, www/admin/banner-advanced.php, www/admin/banner-modify.php, www/admin/banner-swf.php, www/admin/banner-zone.php, and www/admin/tracker-modify.php.Recommendations
For Revive Adserver versions prior to 3.2.3, update to version 3.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable scripts until the update can be applied.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Revive Adserver