Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) delete data via a request to agency-delete.php, (2) tracker-delete.php, or (3) userlog-delete.php in admin/ or (4) unlink accounts via a request to admin-user-unlink.php. (5) advertiser-user-unlink.php, or (6) affiliate-user-unlink.php in admin/.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2014-9228 | Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) delete data via a request to agency-delete.php, (2) tracker-delete.php, or (3) userlog-delete.php in admin/ or (4) unlink accounts via a request to admin-user-unlink.php. (5) advertiser-user-unlink.php, or (6) affiliate-user-unlink.php in admin/. |
References
| Link | Providers |
|---|---|
| http://www.revive-adserver.com/security/revive-sa-2014-001/ |
|
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-09-16T18:29:24.904Z
Reserved: 2014-12-19T00:00:00.000Z
Link: CVE-2014-9407
Vulnrichment
No data.
NVD
Status : Deferred
Published: 2014-12-19T15:59:33.410
Modified: 2025-04-12T10:46:40.837
Link: CVE-2014-9407
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses