Test ID: | 1.3.6.1.4.1.25623.1.0.106321 |
Category: | Web application abuses |
Title: | Revive Adserver Multiple Vulnerabilities |
Summary: | Revive Adserver is prone to multiple vulnerabilities. |
Description: | Summary: Revive Adserver is prone to multiple vulnerabilities.
Vulnerability Insight: Revive Adserver is prone to the following vulnerabilities:
- The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockout feature was considered but rejected, because it would let an attacker lock regular users out of the service during an attack. A random delay on password failures was introduced instead, along with a mechanism to discourage parallel brute forcing. These measures still allow valid users to log in to the adserver while an attack is in progress.
- Revive Adserver is vulnerable to session fixation: it accepts arbitrary, client-supplied session identifiers and does not invalidate the existing session upon successful authentication. An attacker who plants a session identifier in a victim's browser can hijack the authenticated session once the victim logs in.
- Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit the vulnerability to gain access to the administrator account.
- The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This could be exploited to send a large number of password recovery emails to registered users, especially in conjunction with a bug that caused recovery emails to be sent to all users at once.
- The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. An attacker could use it to steal the session ID of an authenticated user by tricking them into visiting a specially crafted URL.
- It is possible to check whether an email address is associated with one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system (user enumeration).
- Two vectors for persistent XSS attacks via the Revive Adserver user interface, both requiring a trusted (non-admin) account: the website name is not properly escaped when displayed in the campaign-zone.php script, and the banner image URL for external banners is not properly escaped when displayed in most of the banner-related pages.
- A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks.
- Multiple further CSRF vulnerabilities were found.
- www/admin/stats.php is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as 'setPerPage', 'pageId', 'bannerid', 'period_start', 'period_end' and possibly others.
Affected Software/OS: Revive Adserver version 3.2.2 and prior.
Solution: Upgrade to version 3.2.3 or later.
CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
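The session-fixation item above describes two distinct mistakes: adopting a session identifier the client supplied, and keeping the same identifier across authentication. The following stand-alone Python model, added here as an illustration and not code from Revive Adserver (which is a PHP application), puts a vulnerable login handler next to a hardened one so the difference is checkable. The user store, the password and the session-ID format are constructed for the example.

```python
"""Session fixation: vulnerable vs hardened login handling (added example)."""
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed credential store for the example; not a real account.
USERS = {"admin": "correct horse battery staple"}


def check_password(username: str, password: str) -> bool:
    stored = USERS.get(username)
    return stored is not None and hmac.compare_digest(stored, password)


@dataclass
class SessionStore:
    """Maps session ID -> session data ({"user": username or None})."""
    sessions: dict = field(default_factory=dict)

    def new_sid(self) -> str:
        sid = secrets.token_hex(16)          # server-generated, unguessable
        self.sessions[sid] = {"user": None}
        return sid


def login_vulnerable(store: SessionStore, presented_sid: str,
                     username: str, password: str):
    """Mirrors the advisory's flaw: any client-supplied ID is accepted
    (and created on the fly), and it is kept after authentication."""
    sess = store.sessions.setdefault(presented_sid, {"user": None})
    if check_password(username, password):
        sess["user"] = username
        return presented_sid
    return None


def login_hardened(store: SessionStore, presented_sid: str,
                   username: str, password: str):
    """Only server-issued IDs are honoured, and the ID is rotated on login."""
    # An unknown (possibly attacker-chosen) ID is discarded, never adopted.
    sid = presented_sid if presented_sid in store.sessions else store.new_sid()
    if not check_password(username, password):
        return None
    store.sessions.pop(sid, None)            # invalidate pre-auth session
    new_sid = store.new_sid()                # fresh ID the attacker cannot know
    store.sessions[new_sid]["user"] = username
    return new_sid


def whoami(store: SessionStore, sid: str):
    """Who does this session ID currently authenticate as (None if nobody)?"""
    return store.sessions.get(sid, {}).get("user")


def fixation_succeeds(login) -> bool:
    """Attacker fixes a known ID in the victim's browser; the victim logs in.
    Returns True if the attacker's ID now carries the victim's session."""
    store = SessionStore()
    fixed_sid = "attacker-chosen-sid"        # constructed, planted by attacker
    login(store, fixed_sid, "admin", USERS["admin"])
    return whoami(store, fixed_sid) == "admin"


if __name__ == "__main__":
    print("vulnerable handler hijackable:", fixation_succeeds(login_vulnerable))
    print("hardened handler hijackable:  ", fixation_succeeds(login_hardened))
```

As a black-box check against a live instance, the same property can be observed from outside: capture the session cookie before login, log in, and confirm that the cookie value changed and that the pre-login value no longer carries an authenticated session.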
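Two of the items above concern the password recovery form: it can be driven cross-site (CSRF) and its response reveals whether an address is registered. The following Python model is an added example, not Revive Adserver code, showing a recovery handler with both problems beside one that requires a session-bound CSRF token and returns the same message whether or not the address exists. Email addresses and messages are constructed for the example; "sent" emails are captured in a list instead of being mailed.

```python
"""Password recovery: CSRF check and enumeration-safe response (added example)."""
import hmac
import secrets

# Constructed user table; the addresses are hypothetical.
REGISTERED = {"alice@example.com", "bob@example.com"}
SENT = []   # recovery emails that would have been sent (captured for inspection)

# One message for every outcome, so the response cannot be used for enumeration.
RECOVERY_MESSAGE = "If that address is registered, a recovery email has been sent."


def issue_csrf_token(session: dict) -> str:
    """Generate a per-session token and render it into the recovery form."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def recover_vulnerable(form: dict) -> str:
    """No CSRF protection, and the message differs for known/unknown addresses."""
    email = form.get("email", "")
    if email in REGISTERED:
        SENT.append(email)
        return "A recovery email has been sent."
    return "No user account is associated with that email address."


def recover_hardened(session: dict, form: dict) -> str:
    """Refuses requests without a valid session-bound token (defeats CSRF) and
    answers identically regardless of whether the address exists."""
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    # A cross-site form post cannot read the victim's token, so it fails here.
    if not expected or not hmac.compare_digest(expected, supplied):
        return "Invalid request."
    email = form.get("email", "")
    if email in REGISTERED:
        SENT.append(email)            # side effect only; response is unchanged
    return RECOVERY_MESSAGE


def responses_differ(handler, session=None, token="") -> bool:
    """Does the handler's answer leak whether an address is registered?"""
    known = {"email": "alice@example.com", "csrf_token": token}
    unknown = {"email": "nobody@example.com", "csrf_token": token}
    if session is None:
        return handler(known) != handler(unknown)
    return handler(session, known) != handler(session, unknown)


if __name__ == "__main__":
    print("vulnerable leaks existence:", responses_differ(recover_vulnerable))
    s = {}
    t = issue_csrf_token(s)
    print("hardened leaks existence:  ", responses_differ(recover_hardened, s, t))
    print("forged post accepted:      ",
          recover_hardened(s, {"email": "alice@example.com", "csrf_token": "x"}))
```

The token comparison uses hmac.compare_digest so that the check itself is not a timing oracle; a per-session (or per-form) token that the browser only sends from the site's own page is what breaks the cross-site submission path described in the advisory. Note that timing of the handler (for instance, actually sending mail only on the known-address branch) can still leak existence; a real deployment queues the mail asynchronously so both branches take the same time.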
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-9124
  https://github.com/revive-adserver/revive-adserver/commit/847941390f5b3310d51b07c92ec91cc1f4cc82c9
  https://hackerone.com/reports/96115
  https://www.revive-adserver.com/security/revive-sa-2016-001/
Common Vulnerability Exposure (CVE) ID: CVE-2016-9125
  https://github.com/revive-adserver/revive-adserver/commit/4910365631eabbb208961c36149f41cc8159fb39
  https://hackerone.com/reports/93809
  https://hackerone.com/reports/93813
Common Vulnerability Exposure (CVE) ID: CVE-2016-9126
  https://github.com/revive-adserver/revive-adserver/commit/8d8c6df309ff5fde9dd4770abcd4ec5d2449b3ec
  https://hackerone.com/reports/97073
Common Vulnerability Exposure (CVE) ID: CVE-2016-9127
  https://github.com/revive-adserver/revive-adserver/commit/3aaebcc765797d2c684e031f2836e0a69d6b7bc2
  https://hackerone.com/reports/99452
Common Vulnerability Exposure (CVE) ID: CVE-2016-9128
  https://github.com/revive-adserver/revive-adserver/commit/a323fd626627e8d42819fd5b7e2829196b5c54a3
  https://github.com/revive-adserver/revive-adserver/commit/e17a7ec3412ded751cda50b82338de471d656d74
  https://hackerone.com/reports/99004
Common Vulnerability Exposure (CVE) ID: CVE-2016-9129
  https://github.com/revive-adserver/revive-adserver/commit/38223a841190bebd7a137c7bed84fbbcb2b0c2a5
  https://hackerone.com/reports/98612
Common Vulnerability Exposure (CVE) ID: CVE-2016-9130
  https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83
Common Vulnerability Exposure (CVE) ID: CVE-2016-9454
  BugTraq ID: 83964
  http://www.securityfocus.com/bid/83964
Common Vulnerability Exposure (CVE) ID: CVE-2016-9455
  https://github.com/revive-adserver/revive-adserver/commit/65a9c8119b4bc7493fd957e1a8d6f6f731298b45
  https://hackerone.com/reports/97123
Common Vulnerability Exposure (CVE) ID: CVE-2016-9456
  https://github.com/revive-adserver/revive-adserver/commit/e563ca61e4f3b7210cb61f53284adaa8aef4a49a
Common Vulnerability Exposure (CVE) ID: CVE-2016-9457
  https://github.com/revive-adserver/revive-adserver/commit/ecbe822b48ef4ff61c2c6357c0c94199a81946f4
  https://hackerone.com/reports/107879 |
Copyright | Copyright (C) 2016 Greenbone AG |