Session Fixation Vulnerability in Revive Adserver
CVE-2017-5831
5.9 MEDIUM
What is CVE-2017-5831?
A session fixation vulnerability exists in the password reset mechanism of Revive Adserver prior to version 4.0.1. This flaw allows attackers to manipulate the session ID during the password change process, potentially enabling them to hijack valid web sessions. By exploiting this weakness, remote attackers can gain unauthorized access to user accounts and sensitive data, posing significant security risks.
