ReviveAdserver Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-7368)

Description

Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache.

Remediation

References

CVE-2015-7368

Related Vulnerabilities

jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31160)

WordPress Plugin Translate WordPress-Google Language Translator Cross-Site Scripting (6.0.11)

Internet Information Services Other Vulnerability (CVE-2001-0506)

WordPress Plugin jcwp youtube channel embed Cross-Site Scripting (1.5.2)

Resin Application Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2012-2968)

Severity

Low

Classification

CVE-2015-7368 CWE-200