CVE-2015-7369

Revive Adserver < 3.2.1 - Improper Access Control via Flash Cross-Domain Policy

Title source: llm
STIX 2.1

Description

The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver before 3.2.2 does not restrict access cross domain access, which allows remote attackers to conduct cross domain attacks via unspecified vectors.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/536633/100/0/threaded
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Oct/32

Scores

EPSS 0.0325
EPSS Percentile 86.8%

Details

CWE
CWE-284
Status published
Products (1)
revive-adserver/revive_adserver < 3.2.1
Published Oct 14, 2015
Tracked Since Feb 18, 2026