#VU39350 Security Features in Revive Adserver - CVE-2016-9470

Cybersecurity Help s.r.o.

Published: 2017-03-28 | Updated: 2020-08-08

Vulnerability identifier: #VU39350

Vulnerability risk: High

CVSSv4.0: 7.4 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Amber]

CVE-ID: CVE-2016-9470

CWE-ID: CWE-254

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Revive Adserver
Web applications / Other software

Vendor: OpenX Source

Description

The vulnerability allows a remote authenticated user to execute arbitrary code.

Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim's machine by virtually downloading a file from a trusted domain.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Revive Adserver: 4.0.0

External links
https://github.com/revive-adserver/revive-adserver/commit/69aacbd2
https://hackerone.com/reports/148745
https://www.revive-adserver.com/security/revive-sa-2016-002/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Revive Adserver