CVE-2014-9407 in Adserver
Resumen (Inglés)
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) delete data via a request to agency-delete.php, (2) tracker-delete.php, or (3) userlog-delete.php in admin/ or (4) unlink accounts via a request to admin-user-unlink.php. (5) advertiser-user-unlink.php, or (6) affiliate-user-unlink.php in admin/.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Reservar
2014-12-19
Divulgación
2014-12-19
Estado
Confirmado
Voces
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidad | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 73333 | Revive Adserver agency-delete.php falsificación de solicitudes en sitios cruzados | 352 | No está definido | Arreglo oficial | CVE-2014-9407 |
Descripción
CPE
CWE
CVSS
Hazañas
Historia
Diferencia
Relacionar
Inteligencia de amenazas
API JSON
API XML
API CSV