CVE-2019-5434 - Vulnerability Details - OpenCVE

Description

An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third party websites. This vulnerability was addressed in version 4.2.0.

Published: 2019-05-06

Score: 9.8 Critical

EPSS: 89.1% High

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

Revive Adserver

affected

Version	Status	Constraints
`Fixed version v4.2.0`	affected	—

Configuration 1 [-]

cpe:2.3:a:revive-sas:revive_adserver:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.89078.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://packetstormsecurity.com/files/155559/Revive-Adserver-4.2-Remote-Code-Execution.html
https://hackerone.com/reports/512076
https://hackerone.com/reports/542670
https://www.revive-adserver.com/security/revive-sa-2019-001/

History

No history.

Subscriptions

Revive-sas Revive Adserver

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2019-05-06T16:53:33.000Z

Updated: 2024-08-04T19:54:53.553Z

Reserved: 2019-01-04T00:00:00.000Z

Link: CVE-2019-5434

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-05-06T17:29:00.730

Modified: 2024-11-21T04:44:55.693

Link: CVE-2019-5434

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-502

{"containers": {"cna": {"affected": [{"product": "Revive Adserver", "vendor": "n/a", "versions": [{"status": "affected", "version": "Fixed version v4.2.0"}]}], "descriptions": [{"lang": "en", "value": "An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the \"what\" parameter in the \"openads.spc\" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third party websites. This vulnerability was addressed in version 4.2.0."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "Deserialization of Untrusted Data (CWE-502)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-12-05T00:06:15.000Z", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/512076"}, {"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/542670"}, {"tags": ["x_refsource_MISC"], "url": "https://www.revive-adserver.com/security/revive-sa-2019-001/"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/155559/Revive-Adserver-4.2-Remote-Code-Execution.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2019-5434", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Revive Adserver", "version": {"version_data": [{"version_value": "Fixed version v4.2.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the \"what\" parameter in the \"openads.spc\" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third party websites. This vulnerability was addressed in version 4.2.0."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Deserialization of Untrusted Data (CWE-502)"}]}]}, "references": {"reference_data": [{"name": "https://hackerone.com/reports/512076", "refsource": "MISC", "url": "https://hackerone.com/reports/512076"}, {"name": "https://hackerone.com/reports/542670", "refsource": "MISC", "url": "https://hackerone.com/reports/542670"}, {"name": "https://www.revive-adserver.com/security/revive-sa-2019-001/", "refsource": "MISC", "url": "https://www.revive-adserver.com/security/revive-sa-2019-001/"}, {"name": "http://packetstormsecurity.com/files/155559/Revive-Adserver-4.2-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/155559/Revive-Adserver-4.2-Remote-Code-Execution.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:54:53.553Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/512076"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/542670"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.revive-adserver.com/security/revive-sa-2019-001/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/155559/Revive-Adserver-4.2-Remote-Code-Execution.html"}]}]}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2019-5434", "datePublished": "2019-05-06T16:53:33.000Z", "dateReserved": "2019-01-04T00:00:00.000Z", "dateUpdated": "2024-08-04T19:54:53.553Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:revive-sas:revive_adserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6812BF4-181A-4D04-97E4-70609E587B42", "versionEndExcluding": "4.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the \"what\" parameter in the \"openads.spc\" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third party websites. This vulnerability was addressed in version 4.2.0."}, {"lang": "es", "value": "Un atacante podr\u00eda enviar una carga espec\u00edficamente creada al script de invocaci\u00f3n XML-RPC y activar la llamada unserialize() en el par\u00e1metro \"what\" en el m\u00e9todo RPC \"openads.spc\". Dicha vulnerabilidad podr\u00eda utilizarse para realizar varios tipos de ataques, por ejemplo, aprovechar las vulnerabilidades de PHP relacionadas con la serializaci\u00f3n o la inyecci\u00f3n de objetos PHP. Es posible, aunque no confirmado, que la vulnerabilidad haya sido usada por algunos atacantes para conseguir acceso a algunas peticiones Revive Adserver y enviar malware a trav\u00e9s de sitios web de terceros. Esta vulnerabilidad fue tratada en la versi\u00f3n 4.2.0."}], "id": "CVE-2019-5434", "lastModified": "2024-11-21T04:44:55.693", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-06T17:29:00.730", "references": [{"source": "support@hackerone.com", "url": "http://packetstormsecurity.com/files/155559/Revive-Adserver-4.2-Remote-Code-Execution.html"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://hackerone.com/reports/512076"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://hackerone.com/reports/542670"}, {"source": "support@hackerone.com", "tags": ["Vendor Advisory"], "url": "https://www.revive-adserver.com/security/revive-sa-2019-001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/155559/Revive-Adserver-4.2-Remote-Code-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://hackerone.com/reports/512076"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://hackerone.com/reports/542670"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.revive-adserver.com/security/revive-sa-2019-001/"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "support@hackerone.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}