CVE-2016-9129

Severity Score

5.3

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot however be used directly to log in to the system, which requires a username.

Revive Adserver en versiones anteriores a 3.2.3 sufre de exposición de información a través de discrepancia. Es posible comprobar si una dirección de correo electrónico está o no asociada a una o más cuentas de usuario en una instancia de tarjeta Revive Adserver examinando el mensaje impreso por el sistema de recuperación de contraseñas. Sin embargo, dicha información no se puede utilizar directamente para iniciar sesión en el sistema, lo que requiere un nombre de usuario.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-10-31 CVE Reserved
2017-03-28 CVE Published
2023-03-08 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-203: Observable Discrepancy

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://github.com/revive-adserver/revive-adserver/commit/38223a841190bebd7a137c7bed84fbbcb2b0c2a5	2019-10-09
https://www.revive-adserver.com/security/revive-sa-2016-001	2019-10-09

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Revive-adserver Search vendor "Revive-adserver"		Revive Adserver Search vendor "Revive-adserver" for product "Revive Adserver"				<= 3.2.2 Search vendor "Revive-adserver" for product "Revive Adserver" and version " <= 3.2.2"		-		Affected