Revive Adserver Multiple Vulnerabilities Network Vulnerability

Summary

This host is installed with Revive Adserver and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow remote attackers to cause a denial of service and inject arbitrary web script or HTML. Impact Level: Application.

Solution

Upgrade to Revive Adserver version 3.0.6 or later. For updates refer to http://www.revive-adserver.com

Insight

Multiple flaws exists due to, - insufficient sanitization of input passed via the 'refresh_page' GET parameter to 'report-generate.php' script. - insufficient sanitization of input by The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver.

Affected

Revive Adserver version 3.0.5 and prior.

Detection

Check for the vulnerable version of Revive Adserver

References

http://osvdb.org/114559
http://osvdb.org/116017
https://www.htbridge.com/advisory/HTB23242

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-8793, CVE-2014-8875

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
Apache Struts2 showcase namespace XSS Vulnerability
An Image Gallery Directory Traversal Vulnerability
Apache Archiva Cross Site Request Forgery Vulnerability
Apple Safari Multiple Vulnerabilities

Take action and discover your vulnerabilities