CVE-2016-9129

CVE-2016-9129

Vendor N/A
Product Revive Adserver All versions before 3.2.3
Weakness CWE-203
Published March 28, 2017
Last update August 6, 2024

CVSS base score

What the vulnerability does

01Description

Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot however be used directly to log in to the system, which requires a username.

Key dates

02Disclosure timeline

March 28, 2017 CVE published
August 6, 2024 Record updated