← Zuruck zu CVEs
CVE-2016-9129
N/ABeschreibung
Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot however be used directly to log in to the system, which requires a username.
CVE Details
CVSS v3.1 BewertungN/A
Veroffentlicht3/28/2017
Zuletzt geandert4/20/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
revive-adserver:revive_adserver
Schwachen (CWE)
CWE-203CWE-200
Referenzen
https://github.com/revive-adserver/revive-adserver/commit/38223a841190bebd7a137c7bed84fbbcb2b0c2a5(support@hackerone.com)
https://hackerone.com/reports/98612(support@hackerone.com)
https://www.revive-adserver.com/security/revive-sa-2016-001/(support@hackerone.com)
https://github.com/revive-adserver/revive-adserver/commit/38223a841190bebd7a137c7bed84fbbcb2b0c2a5(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/98612(af854a3a-2127-422b-91ae-364da2661108)
https://www.revive-adserver.com/security/revive-sa-2016-001/(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.