Description

The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver before 3.2.2 does not restrict access cross domain access, which allows remote attackers to conduct cross domain attacks via unspecified vectors.

Remediation

References

CVE-2015-7369

Related Vulnerabilities

Joomla Session Fixation Vulnerability (CVE-2007-4188)

WordPress Plugin Image Slider Arbitrary File Deletion (1.1.89)

WordPress Plugin YITH WooCommerce Gift Cards Premium Arbitrary File Upload (3.19.0)

WordPress Plugin Under Construction/Maintenance Mode from Acurax Multiple Unspecified Vulnerabilities (2.5.2)

WordPress Plugin WP Fastest Cache SQL Injection (0.8.4.8)

Severity

High

Classification

CVE-2015-7369 CWE-284

Tags

Missing Update Known Vulnerabilities