Revive Adserver is prone to the following security vulnerabilities:
1. A brute-force authentication security bypass vulnerability
2. A session-fixation vulnerability
3. Multiple HTML-injection vulnerabilities
4. Multiple cross-site request forgery vulnerability
5. Multiple cross-site scripting vulnerability
6. An information disclosure vulnerability
An attacker can exploit these issues to bypass the authentication mechanism,gain unauthorized access, execute attacker-supplied HTML or JavaScript code in the context of the affected site,steal cookie-based authentication credentials, obtain potentially sensitive information.These may aid in further attacks.
Revive Adserver 3.2.2 and prior are vulnerable.
Information
CVE-2016-9455
CVE-2016-9456
CVE-2016-9457
CVE-2016-9124
CVE-2016-9126
Revive-Adserver Revive Adserver 3.0.6
Revive-Adserver Revive Adserver 3.0.5
Revive-Adserver Revive Adserver 3.0.4
Revive-Adserver Revive Adserver 3.0.3
Revive-Adserver Revive Adserver 3.0.2
Revive-Adserver Revive Adserver 3.0.1
Revive-Adserver Revive Adserver 3.2.2
Revive-Adserver Revive Adserver 3.0.0
Exploit
Attackers can exploit these issues using a browser or readily available tools.
References:
- Fix h1 report 107879 (revive-adserver)
- Fix h1 report 97073 (revive-adserver)
- Fix h1 report 97123 (revive-adserver)
- Fix h1 reports 107550 and 107634 (revive-adserver)
- Fix other CSRF issues (revive-adserver)
- Mitigate h1 report 96115 (revive-adserver)
- Revive Adserver Home Page (Revive Adserver)
- REVIVE-SA-2016-001:Revive Adserver Security Advisory (Revive-Adserver)