CVE-2019-5434 - OpenCVE

An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third party websites. This vulnerability was addressed in version 4.2.0.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Revive-sas	Revive Adserver

Configuration 1 [-]

cpe:2.3:a:revive-sas:revive_adserver:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/155559/Revive-Adserver-4.2-Remote-Code-Execution.html
https://hackerone.com/reports/512076
https://hackerone.com/reports/542670
https://www.revive-adserver.com/security/revive-sa-2019-001/

History

No history.

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2019-05-06T16:53:33

Updated: 2024-08-04T19:54:53.553Z

Reserved: 2019-01-04T00:00:00

Link: CVE-2019-5434

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-05-06T17:29:00.730

Modified: 2019-10-09T23:50:51.837

Link: CVE-2019-5434

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Revive Adserver", "vendor": "n/a", "versions": [{"status": "affected", "version": "Fixed version v4.2.0"}]}], "descriptions": [{"lang": "en", "value": "An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the \"what\" parameter in the \"openads.spc\" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third party websites. This vulnerability was addressed in version 4.2.0."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "Deserialization of Untrusted Data (CWE-502)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-12-05T00:06:15", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/512076"}, {"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/542670"}, {"tags": ["x_refsource_MISC"], "url": "https://www.revive-adserver.com/security/revive-sa-2019-001/"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/155559/Revive-Adserver-4.2-Remote-Code-Execution.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2019-5434", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Revive Adserver", "version": {"version_data": [{"version_value": "Fixed version v4.2.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the \"what\" parameter in the \"openads.spc\" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third party websites. This vulnerability was addressed in version 4.2.0."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Deserialization of Untrusted Data (CWE-502)"}]}]}, "references": {"reference_data": [{"name": "https://hackerone.com/reports/512076", "refsource": "MISC", "url": "https://hackerone.com/reports/512076"}, {"name": "https://hackerone.com/reports/542670", "refsource": "MISC", "url": "https://hackerone.com/reports/542670"}, {"name": "https://www.revive-adserver.com/security/revive-sa-2019-001/", "refsource": "MISC", "url": "https://www.revive-adserver.com/security/revive-sa-2019-001/"}, {"name": "http://packetstormsecurity.com/files/155559/Revive-Adserver-4.2-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/155559/Revive-Adserver-4.2-Remote-Code-Execution.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:54:53.553Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/512076"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/542670"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.revive-adserver.com/security/revive-sa-2019-001/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/155559/Revive-Adserver-4.2-Remote-Code-Execution.html"}]}]}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2019-5434", "datePublished": "2019-05-06T16:53:33", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2024-08-04T19:54:53.553Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:revive-sas:revive_adserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6812BF4-181A-4D04-97E4-70609E587B42", "versionEndExcluding": "4.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the \"what\" parameter in the \"openads.spc\" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third party websites. This vulnerability was addressed in version 4.2.0."}, {"lang": "es", "value": "Un atacante podr\u00eda enviar una carga espec\u00edficamente creada al script de invocaci\u00f3n XML-RPC y activar la llamada unserialize() en el par\u00e1metro \"what\" en el m\u00e9todo RPC \"openads.spc\". Dicha vulnerabilidad podr\u00eda utilizarse para realizar varios tipos de ataques, por ejemplo, aprovechar las vulnerabilidades de PHP relacionadas con la serializaci\u00f3n o la inyecci\u00f3n de objetos PHP. Es posible, aunque no confirmado, que la vulnerabilidad haya sido usada por algunos atacantes para conseguir acceso a algunas peticiones Revive Adserver y enviar malware a trav\u00e9s de sitios web de terceros. Esta vulnerabilidad fue tratada en la versi\u00f3n 4.2.0."}], "id": "CVE-2019-5434", "lastModified": "2019-10-09T23:50:51.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-06T17:29:00.730", "references": [{"source": "support@hackerone.com", "url": "http://packetstormsecurity.com/files/155559/Revive-Adserver-4.2-Remote-Code-Execution.html"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://hackerone.com/reports/512076"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://hackerone.com/reports/542670"}, {"source": "support@hackerone.com", "tags": ["Vendor Advisory"], "url": "https://www.revive-adserver.com/security/revive-sa-2019-001/"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-502"}], "source": "support@hackerone.com", "type": "Secondary"}]}