Revive Adserver 3.0.5 Cross Site Scripting / Denial Of Service

Risk: Medium
Local: No
Remote: Yes

======================================================================== Revive Adserver Security Advisory REVIVE-SA-2014-002 ------------------------------------------------------------------------ ------------------------------------------------------------------------ CVE-IDs: CVE-2014-8793, CVE-2014-8875 Date: 2014-12-17 Risk Level: Medium Applications affected: Revive Adserver Versions affected: <= 3.0.5 Versions not affected: >= 3.0.6, >= 3.1.0 Website: ======================================================================== ======================================================================== Vulnerability 1 - Denial of Service ======================================================================== Vulnerability Type: XML Entity Expansion [CWE-776] CVE-ID: CVE-2014-8875 CVSSv2 Base Score: 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) ======================================================================== Description ----------- Similar vulnerabilities have been discovered and reported earlier in 2014 for other PHP applications, i.e. Drupal and WordPress. It has been discovered that the Revive Adserver?s XML-RPC implementation might be vulnerable to the same kind of attacks. A remote attacker can send specifically crafted payloads to the XML-RPC endpoints of a Revive Adserver instance in an attempt to consume the server resources (CPU and memory) and ultimately lead to the application becoming unavailable or unresponsive (denial of service). Details ------- Revive Adserver XML-RPC servers, available both in the delivery engine (/www/delivery/[ad]xmlrpc.php, /adxmlrpc.php) and the API endpoints (/www/api/v2/xmlrpc/, /www/api/v1/xmlrpc/*.php) might be vulnerable to certain types of XML entity expansion attacks, also depending on the libxml2 version available on the system. References ---------- ======================================================================== Vulnerability 2 - XSS ======================================================================== Vulnerability Type: Cross-Site Scripting [CWE-79] CVE-ID: CVE-2014-8793 CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) Also known as: HTB23242 ======================================================================== Description ----------- A Cross-Site Scripting vulnerability was recently discovered and reported by High-Tech Bridge Security Research Lab ( ). A remote attacker can trick logged-in user to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website. Details ------- Input passed via the "refresh_page" GET parameter to "/www/admin/report-generate.php" script is not properly sanitised before being returned to the user. Please see High-Tech Bridge's own advisory for more information. References ---------- ======================================================================== Solution ======================================================================== We strongly advise people to upgrade to the most recent 3.1.0 or 3.0.6 versions of Revive Adserver, including those running OpenX Source or older versions of the application. ======================================================================== Contact Information ======================================================================== The security contact for Revive Adserver can be reached at: <security AT revive-adserver DOT com>. Please review before doing so. -- Matteo Beccati On behalf of the Revive Adserver Team


Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022,


Back to Top