Vulnerability identifier: #VU39351
Vulnerability risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Revive Adserver
Web applications /
Other software
Vendor: OpenX Source
Description
The vulnerability allows a remote privileged user to read and manipulate data.
Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact that such characters are normally ignored when an HTML page is displayed in a browser. The issue could have therefore been exploited for user spoofing, although elevated privileges are required to create users within Revive Adserver. <a href="http://cwe.mitre.org/data/definitions/75.html">CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)</a>
Mitigation
Install update from vendor's website.
Vulnerable software versions
Revive Adserver: 4.0.0
External links
http://github.com/revive-adserver/revive-adserver/commit/05b1eceb
http://hackerone.com/reports/128181
http://www.revive-adserver.com/security/revive-sa-2016-002/
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.