CVE-2015-7368
Revive Adserver 3.2.1 CSRF / XSS / Local File Inclusion
Severity Score
5.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache.
Revive Adserver en versiones anteriores a 3.2.2 no envía las cabeceras Cache-Control HTTP apropiadas en las respuestas para las páginas de interfaz de usuario de administrador, lo que permite a usuarios locales obtener información sensible a través de la cache del navegador web.
Revive Adserver versions 3.2.1 and below suffer from improper access controls, cross site request forgery, cross site scripting, local file inclusion, and various other vulnerabilities.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-09-25 CVE Reserved
- 2015-10-07 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html | X_refsource_misc |
|
| http://seclists.org/fulldisclosure/2015/Oct/32 | Mailing List |
|
| http://www.securityfocus.com/archive/1/536633/100/0/threaded | Mailing List |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/revive-adserver/revive-adserver/commit/15aac363 | 2018-10-09 |
| URL | Date | SRC |
|---|---|---|
| http://www.revive-adserver.com/security/revive-sa-2015-001 | 2018-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Revive-adserver Search vendor "Revive-adserver" | Revive Adserver Search vendor "Revive-adserver" for product "Revive Adserver" | <= 3.2.1 Search vendor "Revive-adserver" for product "Revive Adserver" and version " <= 3.2.1" | - |
Affected
| ||||||