CSRF Bypass Vulnerability in Revive Adserver by Revive Systems
CVE-2015-7364

Currently unrated

Key Information:

Vendor: Revive-adserver
Status: Revive Adserver
Vendor: CVE Published:; 14 October 2015

🔔 Create Revive-adserver Vulnerability Alert

What is CVE-2015-7364?

The HTML_Quickform library utilized in Revive Adserver versions prior to 3.2.2 presents a vulnerability that enables remote attackers to bypass the Cross-Site Request Forgery (CSRF) protection. This is achievable by manipulating the system through an empty token, which undermines the application's integrity and security mechanisms. Consequently, this vulnerability could facilitate various attacks, compromising user interactions and the overall trustworthiness of the platform.

References

http://www.revive-adserver.com/security/revive-sa-2015-001

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/536633/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://seclists.org/fulldisclosure/2015/Oct/32

mailing-listx_refsource_FULLDISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2015
Vulnerability Reserved
Sep 25, 2015

CVE-2015-7364 Data

JSON