Revive Adserver < 3.1.0 Multiple Vulnerabilities

2014-12-1700:00:00

Tenable

www.tenable.com

JSON

The remote host is running Revive Adserver, an open source PHP-based Ad serving system. This version of Revive Adserver is vulnerable to the following:

A denial-of-service vulnerability that occurs in the ‘XML-RPC’ implementation. Specifically, the issue affects the ‘XML/RPC.php’ script. (CVE-2014-8875)
A cross-site scripting vulnerability because Revive fails to properly sanitize user-supplied input. Specifically, this issue affects the ‘refresh_page’ parameter of the ‘/www/admin/report-generate.php’ script. (CVE-2014-8793)

Binary data 8607.prm

VendorProductVersionCPE
reviverevivecpe:/a:revive:revive

Vendor	Product	Version	CPE
revive	revive		cpe:/a:revive:revive

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8793

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8875

www.revive-adserver.com/blog/revive-adserver-v3-1-0-released

www.revive-adserver.com/security/revive-sa-2014-002

JSON

Related for 8607.PRM