Session Fixation Vulnerability in Revive Adserver by Revive
CVE-2016-9125
9.8CRITICAL
What is CVE-2016-9125?
Revive Adserver prior to version 3.2.3 contains a session fixation vulnerability that allows an attacker to manipulate session identifiers, enabling them to hijack user sessions. This occurs because existing sessions are not invalidated after successful authentication, creating a potential opportunity for unauthorized access to user accounts.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Revive Adserver All before 3.2.3 Revive Adserver All versions before 3.2.3
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved