← Volver a CVEs
CVE-2016-9129
N/ADescripcion
Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot however be used directly to log in to the system, which requires a username.
Detalles CVE
Puntuacion CVSS v3.1N/A
Publicado3/28/2017
Ultima modificacion4/20/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
revive-adserver:revive_adserver
Debilidades (CWE)
CWE-203CWE-200
Referencias
https://github.com/revive-adserver/revive-adserver/commit/38223a841190bebd7a137c7bed84fbbcb2b0c2a5(support@hackerone.com)
https://hackerone.com/reports/98612(support@hackerone.com)
https://www.revive-adserver.com/security/revive-sa-2016-001/(support@hackerone.com)
https://github.com/revive-adserver/revive-adserver/commit/38223a841190bebd7a137c7bed84fbbcb2b0c2a5(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/98612(af854a3a-2127-422b-91ae-364da2661108)
https://www.revive-adserver.com/security/revive-sa-2016-001/(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.