PT-2017-9962 · Revive Adserver Team · Revive Adserver

Kamini Singh

Published

2017-03-28

Updated

2019-10-09

CVE-2016-9125

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Revive Adserver versions prior to 3.2.3

Description The issue allows arbitrary session identifiers to be forced and does not invalidate the existing session upon successful authentication, potentially enabling an attacker to steal an authenticated session under certain circumstances.

Recommendations For versions prior to 3.2.3, update to version 3.2.3 or later to resolve the issue.

Fix

Session Fixation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-384

Related Identifiers

CVE-2016-9125

Affected Products

Revive Adserver

PT-2017-9962 · Revive Adserver Team · Revive Adserver

CVE-2016-9125

Weakness Enumeration

Related Identifiers

Affected Products

References · 6