Security Features in Revive Adserver

#VU39350 Security Features in Revive Adserver

Published: 2017-03-28 | Updated: 2020-08-08

Vulnerability identifier: #VU39350

Vulnerability risk: High

CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-9470

CWE-ID: CWE-254

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Revive Adserver
Web applications / Other software

Vendor: OpenX Source

Description

The vulnerability allows a remote authenticated user to execute arbitrary code.

Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim's machine by virtually downloading a file from a trusted domain.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Revive Adserver: 4.0.0

External links
http://github.com/revive-adserver/revive-adserver/commit/69aacbd2
http://hackerone.com/reports/148745
http://www.revive-adserver.com/security/revive-sa-2016-002/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Revive Adserver