PT-2021-15246 · Unknown · Revive Adserver

Mbeccati · Published 2021-01-21 · Updated 2021-02-02 · CVE-2021-22873

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Revive Adserver, versions prior to 5.1.0
Description: The issue allows open redirects via the dest, oadest, and/or ct0 parameters of the lg.php and ck.php delivery scripts. The behaviour was originally intentional: it let third-party ad servers track click metrics by routing clicks through a Revive Adserver redirect. With third-party click tracking via redirects no longer a viable option, the redirect functionality has been removed and is now considered a vulnerability. In affected versions, an attacker can craft a link on the ad server's own domain that sends the visitor to an arbitrary site, which is why the CVSS vector requires user interaction (UI:R) and scores low confidentiality and integrity impact with a scope change.
Recommendations: For versions prior to 5.1.0, update to version 5.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the lg.php and ck.php delivery scripts to minimize the risk of exploitation; note that these scripts are part of normal ad delivery, so blocking them outright also stops legitimate click and impression logging, and a narrower measure is to reject or strip requests whose dest, oadest, or ct0 value points off-site at the web server or WAF. Avoid relying on the dest, oadest, and ct0 parameters in your own ad tags until the issue is resolved.
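The following is an added example for this advisory, not Revive Adserver code or an exploit: an access-log check that flags requests to ck.php / lg.php whose dest, oadest, or ct0 parameter would send the visitor to a host other than the ad server's own, which is the kind of triage a defender would run before and after applying the workaround above. The log lines are constructed, the ad server hostname ads.example.org is assumed, and the handling of a `__`-separated oaparams value is an assumption about Revive's default ad-tag format that the advisory itself does not state.

```python
"""Access-log triage for Revive Adserver open-redirect abuse (CVE-2021-22873).

Added example for this advisory, not Revive Adserver code.  It flags requests
to the ck.php / lg.php delivery scripts whose dest, oadest or ct0 parameter
points at a host other than the ad server's own.  The log lines at the bottom
are constructed for illustration.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

REDIRECT_PARAMS = ("dest", "oadest", "ct0")
DELIVERY_SCRIPTS = ("ck.php", "lg.php")

# Combined Log Format: host ident user [time] "METHOD path PROTO" status size "referer" "agent"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]*)\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def redirect_params(query):
    """Collect (name, raw value) pairs for the redirect parameters in a query string."""
    pairs = []
    qs = parse_qs(query, keep_blank_values=True)
    for name in REDIRECT_PARAMS:
        pairs.extend((name, value) for value in qs.get(name, []))
    # Assumption (not stated in the advisory): Revive's default ad tags pack the
    # click parameters as oaparams=2__bannerid=..__zoneid=..__oadest=URL, so the
    # same names are looked for inside that value as well.
    for packed in qs.get("oaparams", []):
        for chunk in packed.split("__"):
            name, sep, value = chunk.partition("=")
            if sep and name in REDIRECT_PARAMS:
                pairs.append((name, value))
    return pairs


def external_target(value, own_hosts):
    """Return the off-site hostname a redirect value points at, or None.

    The value is decoded a second time because ad tags frequently double-encode
    the destination URL; a single-encoded value survives the extra pass unless
    it itself contains %xx sequences, which is acceptable for triage.  Relative
    paths (no hostname) stay on-site and are not reported.
    """
    own = {h.lower() for h in own_hosts}
    host = urlsplit(unquote(value)).hostname
    if host is None:
        return None
    return None if host.lower() in own else host.lower()


def scan_log(lines, own_hosts):
    """Return one finding per redirect parameter that points off-site."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, when, method, path, status = m.groups()
        url = urlsplit(path)
        script = url.path.rsplit("/", 1)[-1]
        if script not in DELIVERY_SCRIPTS:
            continue  # only the delivery scripts named in the advisory redirect
        for name, value in redirect_params(url.query):
            host = external_target(value, own_hosts)
            if host is not None:
                findings.append({"client": client, "time": when, "method": method,
                                 "script": script, "param": name,
                                 "target_host": host, "status": status})
    return findings


# Constructed sample log; ads.example.org is the assumed ad server hostname.
SAMPLE_LOG = [
    '203.0.113.5 - - [21/Jan/2021:10:00:01 +0000] "GET /www/delivery/ck.php?n=a1b2&oadest=https%3A%2F%2Fads.example.org%2Flanding HTTP/1.1" 302 0 "https://publisher.example/" "Mozilla/5.0"',
    '203.0.113.5 - - [21/Jan/2021:10:00:02 +0000] "GET /www/delivery/ck.php?n=a1b2&oadest=https%3A%2F%2Fattacker.example%2Fphish HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [21/Jan/2021:10:00:03 +0000] "GET /www/delivery/lg.php?bannerid=12&zoneid=3&dest=%2F%2Fattacker.example%2Flogin HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [21/Jan/2021:10:00:04 +0000] "GET /www/delivery/ck.php?oaparams=2__bannerid=12__zoneid=3__cb=5f1d__oadest=https%253A%252F%252Fattacker.example%252F HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [21/Jan/2021:10:00:05 +0000] "GET /www/delivery/lg.php?bannerid=12&zoneid=3&ct0=%2Fclick%3Fid%3D9 HTTP/1.1" 200 43 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [21/Jan/2021:10:00:06 +0000] "GET /www/admin/index.php?dest=https%3A%2F%2Fattacker.example%2F HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG, ["ads.example.org"]):
        print(f"{f['time']} {f['client']} {f['script']} {f['param']} -> {f['target_host']} ({f['status']})")
```

Of the six constructed lines, three are reported: the ck.php request whose oadest goes to attacker.example, the lg.php request whose dest is a protocol-relative `//attacker.example/login`, and the double-encoded oaparams form. The same-host oadest, the relative ct0 path, and the request to a non-delivery script are left alone, so the output lists only what a visitor would actually be redirected off-site by.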

Weakness Enumeration

Open Redirect (CWE-601: URL Redirection to Untrusted Site)

Related Identifiers

CVE-2021-22873

Affected Products

Revive Adserver