CVE-2016-9129
CVE-2016-9129 is a vulnerability of currently unknown severity. Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated with one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. EPSS estimates a 1.43% chance of exploitation in the next 30 days.
Description
Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated with one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot, however, be used directly to log in to the system, which requires a username.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Revive-Adserver | Revive Adserver | <= 3.2.2 |
References
- https://github.com/revive-adserver/revive-adserver/commit/38223a841190bebd7a137c7bed84fbbcb2b0c2a5 (Issue Tracking, Patch, Third Party Advisory)
- https://hackerone.com/reports/98612 (Permissions Required)
- https://www.revive-adserver.com/security/revive-sa-2016-001/ (Patch, Vendor Advisory)
Source: NVD / NIST
