PT-2017-10162 · Revive Adserver Team · Revive Adserver

Joel Noguera · Published 2017-03-28 · Updated 2019-10-09 · CVE-2016-9471

CVSS v3.1: 3.1 (Low)

Vector: AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Revive Adserver versions prior to 3.2.5
Revive Adserver versions prior to 4.0.0

Description

The issue concerns Special Element Injection due to improper sanitization of usernames when creating users on a Revive Adserver instance. Specifically, control characters were not filtered, allowing multiple usernames that appear identical to co-exist in the system. This could be exploited for user spoofing, although it requires elevated privileges to create users within Revive Adserver.

Recommendations

For Revive Adserver versions prior to 3.2.5, update to version 3.2.5 or later. For Revive Adserver versions prior to 4.0.0, update to version 4.0.0 or later.
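
The description's failure mode, as an added example (not Revive Adserver's code or its actual fix): a creation-time check that rejects control characters, and an audit that groups already-stored usernames that display identically. Function names and sample data are constructed for illustration; treating Unicode format characters (category Cf, such as zero-width spaces) the same way goes beyond what the advisory states.

```python
import unicodedata
from collections import defaultdict

# Cc = control characters (the class named in the advisory).
# Cf = invisible format characters, added here as a generalization.
INVISIBLE_CATEGORIES = {"Cc", "Cf"}


def has_invisible(name):
    """True if the username contains a character that renders as nothing."""
    return any(unicodedata.category(ch) in INVISIBLE_CATEGORIES for ch in name)


def display_key(name):
    """Reduce a username to the characters a reader would see in a listing."""
    return "".join(ch for ch in name
                   if unicodedata.category(ch) not in INVISIBLE_CATEGORIES)


def validate_new_username(name, existing):
    """Creation-time check: returns (accepted, reason)."""
    if has_invisible(name):
        return False, "contains control or format characters"
    # Compare against the displayed form of stored names, so a clean name
    # cannot be registered next to an older, polluted look-alike either.
    if display_key(name) in {display_key(e) for e in existing}:
        return False, "visually identical to an existing username"
    return True, "ok"


def audit_collisions(usernames):
    """Group stored usernames that display identically (size > 1 only)."""
    groups = defaultdict(list)
    for name in usernames:
        groups[display_key(name)].append(name)
    return {shown: raw for shown, raw in groups.items() if len(raw) > 1}


# Constructed sample data, not taken from any real installation.
SAMPLE_USERS = ["admin", "admin\x00", "adm\x08in",
                "editor", "edi\u200btor", "viewer"]

if __name__ == "__main__":
    for shown, raw in audit_collisions(SAMPLE_USERS).items():
        # repr() exposes the hidden characters that a normal listing hides.
        print(shown, "->", [repr(n) for n in raw])
```

Running the audit against an export of the users table on an instance that ran an affected version shows whether look-alike accounts were already created before the update.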

Related Identifiers

CVE-2016-9471

Affected Products

Revive Adserver