CVE-2021-22873 Information

Jun 07, 2022 cve

Description

Revive Adserver before 5.1.0 is vulnerable to open redirects via the dest oadest and/or ct0 parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However third party click tracking via redirects is not a viable option anymore leading to such open redirect functionality being removed and reclassified as a vulnerability.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://hackerone.com/reports/1081406 https://github.com/revive-adserver/revive-adserver/issues/1068 http://seclists.org/fulldisclosure/2021/Jan/60 http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html https://www.revive-adserver.com/security/revive-sa-2021-001/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1

Share on: