CVE-2015-7367

Published: Oct 14, 2015Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been (1) deleted or (2) unlinked.

Affected (1)

Products: Revive Adserver: Revive Adserver

Revive Adserver

1 product

Revive Adserver

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Revive Adserver Revive Adserver	Up to 3.2.1

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (8)

http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2015/Oct/32

Source: cve@mitre.org

http://www.revive-adserver.com/security/revive-sa-2015-001

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/archive/1/536633/100/0/threaded

Source: cve@mitre.org

http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2015/Oct/32

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.revive-adserver.com/security/revive-sa-2015-001

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/archive/1/536633/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.