Vulnerability Description
Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been (1) deleted or (2) unlinked.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Revive-Adserver | Revive Adserver | <= 3.2.1 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local
- http://seclists.org/fulldisclosure/2015/Oct/32
- http://www.revive-adserver.com/security/revive-sa-2015-001Vendor Advisory
- http://www.securityfocus.com/archive/1/536633/100/0/threaded
- http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local
- http://seclists.org/fulldisclosure/2015/Oct/32
- http://www.revive-adserver.com/security/revive-sa-2015-001Vendor Advisory
- http://www.securityfocus.com/archive/1/536633/100/0/threaded
FAQ
What is CVE-2015-7367?
CVE-2015-7367 is a vulnerability with a CVSS score of 7.5 (HIGH). Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been (1) deleted or (2) unlinked.
How severe is CVE-2015-7367?
CVE-2015-7367 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-7367?
Check the references section above for vendor advisories and patch information. Affected products include: Revive-Adserver Revive Adserver.