CVE-2016-9470 - 7PK - Security Features vulnerability in Revive-Adserver Revive Adserver
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: LOW
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH

Summary
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim's machine by virtually downloading a file from a trusted domain.
References
- https://github.com/revive-adserver/revive-adserver/commit/69aacbd2
- https://hackerone.com/reports/148745
- https://www.revive-adserver.com/security/revive-sa-2016-002/