Remote Code Execution Vulnerability in Revive Adserver by Revive Software
CVE-2015-7367

Currently unrated

Key Information:

Vendor: Revive-adserver
Status: Revive Adserver
Vendor: CVE Published:; 14 October 2015

🔔 Create Revive-adserver Vulnerability Alert

What is CVE-2015-7367?

The Revive Adserver, prior to version 3.2.2, suffers from a vulnerability that enables remote attackers to execute unauthorized actions by exploiting unexpired user sessions after the user has been deleted or unlinked. This flaw potentially allows attackers to bypass session controls, leading to unauthorized access and manipulation of server-side actions. It is crucial for users of the affected versions to apply the recommended updates to safeguard against this security risk.

References

http://www.revive-adserver.com/security/revive-sa-2015-001

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/536633/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://seclists.org/fulldisclosure/2015/Oct/32

mailing-listx_refsource_FULLDISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2015
Vulnerability Reserved
Sep 25, 2015

CVE-2015-7367 Data

JSON