CVE-2016-9129 Vulnerability Details

  /     /     /  

CVE-2016-9129 Metadata Quick Info

CVE Published: 28/03/2017 | CVE Updated: 06/08/2024 | CVE Year: 2016
Source: hackerone | Vendor: n/a | Product: Revive Adserver All versions before 3.2.3
Status : PUBLISHED

---

CVE-2016-9129 Description

Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot however be used directly to log in to the system, which requires a username.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-203
CWE Name: Information Exposure Through Discrepancy (CWE-203)
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).