Информационная безопасность
[RU] switch to English


CVECVE-2015-7372
СтатусCandidate
ОписаниеDirectory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter.
Важность
High
CVSS score7,5
CVSS vector(AV:N/AC:L/Au:N/C:P/I:P/A:P)
PhaseAssigned (25.09.2015)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7372
ReferencesBUGTRAQ : 20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities
 FULLDISC : 20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities
 MISC : http://packetstormsecurity.com/files/133893/Revive...
 CONFIRM : http://www.revive-adserver.com/security/revive-sa-...
 CONFIRM : https://github.com/revive-adserver/revive-adserver...
SecurityVulns:Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород