← voltar
CVE-2016-9455

CVE-2016-9455

EPSS 0.8%CWE-352
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
28 mar 2017Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, `www/admin/tracker-modify.php`.
Produtos afetados
n/a · Revive Adserver All versions before 3.2.3

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/revive-adserver/revive-adserver/commit/65a9c8119b4bc7493fd957e1a8d6f6f731298b45https://hackerone.com/reports/97123https://www.revive-adserver.com/security/revive-sa-2016-001/http://www.securityfocus.com/bid/83964