Description

Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, which allows remote attackers to run the Maintenance Priority Engine and possibly cause a denial of service (resource consumption) via a direct request.

Remediation

References

CVE-2015-7371

Related Vulnerabilities

WordPress Plugin WP Mailster Cross-Site Scripting (1.6.1)

WordPress Plugin BackWPup Multiple Local File Include Vulnerabilities (1.5.2)

Jetty CVE-2020-27218 Vulnerability (CVE-2020-27218)

WordPress Directory Traversal (3.7 - 5.0.3)

WordPress Plugin Captcha by BestWebSoft SQL Injection (4.1.4)

Severity

Medium

Classification

CVE-2015-7371 CWE-264

Tags

Missing Update Known Vulnerabilities