CVE-2016-9470
 
Severity Score
9.0
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim's machine by virtually downloading a file from a trusted domain.
Revive Adserver en versiones anteriores a 3.2.5 y 4.0.0 sufre de Reflected File Download. `www/delivery/asyncspc.php` era vulnerable al relativamente nuevo vector de ataque web Reflected File Download (RFD) que permite que atacantes obtengan control completo sobre la máquina de la víctima descargando virtualmente un archivo desde un dominio de confianza.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-11-19 CVE Reserved
- 2017-03-28 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CWE-254: 7PK - Security Features
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://github.com/revive-adserver/revive-adserver/commit/69aacbd2 | 2019-10-09 | |
https://www.revive-adserver.com/security/revive-sa-2016-002 | 2019-10-09 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Revive-adserver Search vendor "Revive-adserver" | Revive Adserver Search vendor "Revive-adserver" for product "Revive Adserver" | <= 3.2.4 Search vendor "Revive-adserver" for product "Revive Adserver" and version " <= 3.2.4" | - |
Affected
| ||||||
Revive-adserver Search vendor "Revive-adserver" | Revive Adserver Search vendor "Revive-adserver" for product "Revive Adserver" | 4.0.0 Search vendor "Revive-adserver" for product "Revive Adserver" and version "4.0.0" | - |
Affected
|