Cross-Site Request Forgery Vulnerability in Revive Adserver by Revive Adserver Team
CVE-2016-9456

8.8HIGH

Key Information:

Vendor

Revive-adserver

Status
Revive Adserver All Versions Before 3.2.3
Vendor
CVE Published:
28 March 2017

What is CVE-2016-9456?

Revive Adserver prior to version 3.2.3 is susceptible to Cross-Site Request Forgery (CSRF) attacks, which could allow attackers to execute unauthorized commands on behalf of an authenticated user. The Revive Adserver team proactively identified and addressed over 20 CSRF-related vulnerabilities during a thorough security audit of their admin interface scripts. Users are encouraged to update to the latest version to mitigate these risks.

Affected Version(s)

Revive Adserver All before 3.2.3 Revive Adserver All versions before 3.2.3

References

http://www.securityfocus.com/bid/83964
vdb-entryx_refsource_BID
https://github.com/revive-adserver/revive-adserver/commit...
x_refsource_MISC
https://www.revive-adserver.com/security/revive-sa-2016-001/
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.