Home > Vulnerability Database > CVE-2016-9129

WhiteSource Vulnerability Database

CVE-2016-9129

Good to know:

Date: March 27, 2017

Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot however be used directly to log in to the system, which requires a username.

Language: PHP

Severity Score

5.3

Related Resources (5)

Url: https://www.revive-adserver.com/security/revive-sa-2016-001/

Url: https://nvd.nist.gov/vuln/detail/CVE-2016-9129

Url: https://github.com/revive-adserver/revive-adserver/commit/38223a841190bebd7a137c7bed84fbbcb2b0c2a5

Url: https://hackerone.com/reports/98612

Url: https://www.whitesourcesoftware.com/vulnerability-database/CVE-2016-9129

Severity Score

5.3

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Top Fix

Upgrade Version

Upgrade to version v3.2.3

Learn More

CVSS v3

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

WhiteSource Vulnerability Database

We found results for “”

CVE-2016-9129

Good to know:

Date: March 27, 2017

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?