← voltar
CVE-2016-9129

CVE-2016-9129

EPSS 1.4%CWE-203
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 1.4%KEV nãoPoC Patch
Ciclo de vida
28 mar 2017Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot however be used directly to log in to the system, which requires a username.
Produtos afetados
n/a · Revive Adserver All versions before 3.2.3

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/revive-adserver/revive-adserver/commit/38223a841190bebd7a137c7bed84fbbcb2b0c2a5https://hackerone.com/reports/98612https://www.revive-adserver.com/security/revive-sa-2016-001/