CVE-2015-7367

Revive Adserver < 3.2.1 - Unauthenticated Session Persistence After User Deletion

Title source: llm
STIX 2.1

Description

Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been (1) deleted or (2) unlinked.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/536633/100/0/threaded
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Oct/32

Scores

EPSS 0.0254
EPSS Percentile 83.1%

Details

CWE
CWE-284
Status published
Products (1)
revive-adserver/revive_adserver < 3.2.1
Published Oct 14, 2015
Tracked Since Feb 18, 2026