Summary
This host is installed with Revive Adserver and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to cause a denial of service and inject arbitrary web script or HTML.
Impact Level: Application.
Solution
Upgrade to Revive Adserver version 3.0.6 or later. For updates refer to http://www.revive-adserver.com
Insight
Multiple flaws exist due to:
- insufficient sanitization of input passed via the 'refresh_page' GET parameter to the 'report-generate.php' script.
- insufficient sanitization of input by the XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver.
Affected
Revive Adserver version 3.0.5 and prior.
Detection
Check for the vulnerable version of Revive Adserver.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2014-8793, CVE-2014-8875
- CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)