Vulnerability Description
Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact that such characters are normally ignored when an HTML page is displayed in a browser. The issue could have therefore been exploited for user spoofing, although elevated privileges are required to create users within Revive Adserver.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Revive-Adserver | Revive Adserver | <= 3.2.4 |
Related Weaknesses (CWE)
References
- https://github.com/revive-adserver/revive-adserver/commit/05b1ecebPatchThird Party Advisory
- https://hackerone.com/reports/128181Permissions Required
- https://www.revive-adserver.com/security/revive-sa-2016-002/PatchVendor Advisory
- https://github.com/revive-adserver/revive-adserver/commit/05b1ecebPatchThird Party Advisory
- https://hackerone.com/reports/128181Permissions Required
- https://www.revive-adserver.com/security/revive-sa-2016-002/PatchVendor Advisory
FAQ
What is CVE-2016-9471?
CVE-2016-9471 is a vulnerability with a CVSS score of 3.1 (LOW). Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters we...
How severe is CVE-2016-9471?
CVE-2016-9471 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-9471?
Check the references section above for vendor advisories and patch information. Affected products include: Revive-Adserver Revive Adserver.