
Revive Adserver 3.0.5 Cross Site Scripting / Denial Of Service

Date: 17 Dec 2014. Reported by: Matteo Beccati. Type: packetstorm. Source: packetstormsecurity.com

Revive Adserver 3.0.5 is affected by a denial-of-service vulnerability in its XML-RPC servers and a cross-site scripting vulnerability in the "refresh_page" GET parameter.

`========================================================================  
Revive Adserver Security Advisory REVIVE-SA-2014-002  
------------------------------------------------------------------------  
http://www.revive-adserver.com/security/revive-sa-2014-002  
------------------------------------------------------------------------  
CVE-IDs: CVE-2014-8793, CVE-2014-8875  
Date: 2014-12-17  
Risk Level: Medium  
Applications affected: Revive Adserver  
Versions affected: <= 3.0.5  
Versions not affected: >= 3.0.6, >= 3.1.0  
Website: http://www.revive-adserver.com/  
========================================================================  
  
  
========================================================================  
Vulnerability 1 - Denial of Service  
========================================================================  
Vulnerability Type: XML Entity Expansion [CWE-776]  
CVE-ID: CVE-2014-8875  
CVSSv2 Base Score: 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)  
========================================================================  
  
Description  
-----------  
Similar vulnerabilities have been discovered and reported earlier in   
2014 for other PHP applications, i.e. Drupal and WordPress. It has been   
discovered that the Revive Adserver’s XML-RPC implementation might be   
vulnerable to the same kind of attacks.  
  
A remote attacker can send specially crafted payloads to the XML-RPC  
endpoints of a Revive Adserver instance in an attempt to consume the   
server resources (CPU and memory) and ultimately lead to the application   
becoming unavailable or unresponsive (denial of service).  
  
  
Details  
-------  
Revive Adserver XML-RPC servers, available both in the delivery engine   
(/www/delivery/[ad]xmlrpc.php, /adxmlrpc.php) and the API endpoints   
(/www/api/v2/xmlrpc/, /www/api/v1/xmlrpc/*.php) might be vulnerable to   
certain types of XML entity expansion attacks, also depending on the   
libxml2 version available on the system.  
  
  
References  
----------  
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8875  
http://cwe.mitre.org/data/definitions/776.html  
https://github.com/revive-adserver/revive-adserver/commit/0559d00  
https://wordpress.org/news/2014/08/wordpress-3-9-2/  
https://www.drupal.org/SA-CORE-2014-004  
  
  
========================================================================  
Vulnerability 2 - XSS  
========================================================================  
Vulnerability Type: Cross-Site Scripting [CWE-79]  
CVE-ID: CVE-2014-8793  
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Also known as: HTB23242  
========================================================================  
  
Description  
-----------  
A Cross-Site Scripting vulnerability was recently discovered and   
reported by High-Tech Bridge Security Research Lab (   
https://www.htbridge.com/ ).  
  
A remote attacker can trick a logged-in user into opening a specially crafted  
link and execute arbitrary HTML and script code in the browser in the context of  
the vulnerable website.  
  
  
Details  
-------  
Input passed via the "refresh_page" GET parameter to   
"/www/admin/report-generate.php" script is not properly sanitised before   
being returned to the user.  
  
Please see High-Tech Bridge's own advisory for more information.  
  
  
References  
----------  
https://www.htbridge.com/advisory/HTB23242  
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8793  
http://cwe.mitre.org/data/definitions/79.html  
https://github.com/revive-adserver/revive-adserver/commit/2be73f9  
  
  
  
========================================================================  
Solution  
========================================================================  
  
We strongly advise people to upgrade to the most recent 3.1.0 or 3.0.6   
versions of Revive Adserver, including those running OpenX Source or   
older versions of the application.  
  
  
========================================================================  
Contact Information  
========================================================================  
  
The security contact for Revive Adserver can be reached at:  
<security AT revive-adserver DOT com>.  
  
Please review http://www.revive-adserver.com/security/ before doing so.  
  
  
--   
Matteo Beccati  
On behalf of the Revive Adserver Team  
http://www.revive-adserver.com/  
`
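
For Vulnerability 1 above, a pre-parse check that an XML-RPC entry point could run on the raw request body before any XML parser sees it. This is an added example, not code from the advisory or from the Revive Adserver commit it references; the function name, the size cap, the method name and the sample bodies are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not Revive Adserver's patch. Returns null when the body may
// be handed to the XML-RPC parser, or a rejection reason otherwise.
function xmlrpc_reject_reason(string $body, int $maxBytes = 262144): ?string
{
    if (strlen($body) > $maxBytes) {            // assumed cap, tune per deployment
        return 'body too large';
    }
    // NUL bytes mean UTF-16/UTF-32 (or binary), which would hide "<!DOCTYPE"
    // from the byte-level checks below. XML 1.0 forbids NUL anyway.
    if (strpos($body, "\0") !== false) {
        return 'unsupported encoding';
    }
    // Must start like an ASCII-compatible XML document (optional UTF-8 BOM).
    if (preg_match('/^(?:\xEF\xBB\xBF)?\s*</', $body) !== 1) {
        return 'not XML';
    }
    // A declared encoding other than UTF-8/US-ASCII could also hide markup.
    if (preg_match('/^(?:\xEF\xBB\xBF)?\s*<\?xml[^>]*encoding\s*=\s*["\']([^"\']+)/i', $body, $m) === 1
        && !in_array(strtolower($m[1]), ['utf-8', 'us-ascii'], true)) {
        return 'unsupported encoding';
    }
    // XML-RPC needs no DTD: refuse any DOCTYPE or ENTITY declaration.
    // (May also refuse a CDATA string that contains this text literally.)
    if (strpos($body, '<!DOCTYPE') !== false || strpos($body, '<!ENTITY') !== false) {
        return 'DTD not allowed';
    }
    return null;
}

// Constructed sample bodies; "example.ping" is a hypothetical method name.
$samples = [
    'plain call'   => '<?xml version="1.0"?><methodCall><methodName>example.ping</methodName><params/></methodCall>',
    'internal DTD' => '<?xml version="1.0"?><!DOCTYPE r [<!ENTITY a "x">]><methodCall><methodName>&a;</methodName></methodCall>',
    'UTF-16 body'  => "\xFF\xFE<\0?\0x\0m\0l\0",
];
foreach ($samples as $label => $body) {
    printf("%-13s %s\n", $label, xmlrpc_reject_reason($body) ?? 'accepted');
}
```

A check like this limits exposure on installations that cannot upgrade immediately; it does not replace moving to 3.0.6 or 3.1.0 as the advisory recommends.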
