← volver
CVE-2016-9129

CVE-2016-9129

EPSS 1.4%CWE-203
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 1.4%KEV nãoPoC Patch
Ciclo de vida
28 mar 2017Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot however be used directly to log in to the system, which requires a username.
Productos afectados
n/a · Revive Adserver All versions before 3.2.3

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/revive-adserver/revive-adserver/commit/38223a841190bebd7a137c7bed84fbbcb2b0c2a5https://hackerone.com/reports/98612https://www.revive-adserver.com/security/revive-sa-2016-001/