Vulnerabilities > CVE-2019-5434 - Deserialization of Untrusted Data vulnerability in Revive-Sas Revive Adserver

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
revive-sas
CWE-502
exploit available

Summary

An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third party websites. This vulnerability was addressed in version 4.2.0.

Vulnerable Configurations

Part Description Count
Application
Revive-Sas
1

Common Weakness Enumeration (CWE)

Exploit-Db

idEDB-ID:47739
last seen2019-12-03
modified2019-12-03
published2019-12-03
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/47739
titleRevive Adserver 4.2 - Remote Code Execution

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/155559/reviveadserver42-exec.txt
idPACKETSTORM:155559
last seen2019-12-05
published2019-12-04
reportercrlf
sourcehttps://packetstormsecurity.com/files/155559/Revive-Adserver-4.2-Remote-Code-Execution.html
titleRevive Adserver 4.2 Remote Code Execution

Saint

descriptionRevive Adserver deserialization vulnerability
titlerevive_adserver_deserialization
typeremote