Home > Vulnerability Database > CVE-2016-9129

Mend.io Vulnerability Database

CVE-2016-9129

Date: March 27, 2017

Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot however be used directly to log in to the system, which requires a username.

Language: PHP

Severity Score

5.3

Related Resources (5)

Url: https://www.revive-adserver.com/security/revive-sa-2016-001/

Url: https://nvd.nist.gov/vuln/detail/CVE-2016-9129

Url: https://hackerone.com/reports/98612

Url: https://github.com/revive-adserver/revive-adserver/commit/38223a841190bebd7a137c7bed84fbbcb2b0c2a5

Url: https://www.mend.io/vulnerability-database/CVE-2016-9129

Severity Score

5.3

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Observable Discrepancy

CWE-203

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2016-9129

Date: March 27, 2017

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?