CVE-2016-9129
Published 2017-03-28
Priority: P4 | 24 | medium | 5.3 (CVSS 3.0)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:N / A:N
EPSS: 1.43% (69.7th percentile)
Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot however be used directly to log in to the system, which requires a username.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| revive-adserver | revive_adserver | <= 3.2.2 | — |
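CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |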
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/revive-adserver/revive-adserver/commit/38223a841190bebd7a137c7bed84fbbcb2b0c2a5
https://hackerone.com/reports/98612
https://www.revive-adserver.com/security/revive-sa-2016-001/
Published: 2017-03-28