CVE-2016-9125

Vendor: N/A
Product: Revive Adserver (all versions before 3.2.3)
Weakness: CWE-384 · Session fixation
Published: March 28, 2017
Last update: August 6, 2024

What the vulnerability does

01 Description

Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have been an opportunity for an attacker to steal an authenticated session.

Key dates

02 Disclosure timeline

March 28, 2017: CVE published
August 6, 2024: Record updated