Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html | Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2021/Jan/60 | Broken Link Mailing List Third Party Advisory |
https://github.com/revive-adserver/revive-adserver/issues/1068 | Issue Tracking Third Party Advisory |
https://hackerone.com/reports/1081406 | Exploit Third Party Advisory |
https://www.revive-adserver.com/security/revive-sa-2021-001/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hackerone
Published: 2021-01-21T19:14:44
Updated: 2021-01-25T16:06:19
Reserved: 2021-01-06T00:00:00
Link: CVE-2021-22873
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-01-26T18:16:19.163
Modified: 2021-02-02T15:09:34.250
Link: CVE-2021-22873
JSON object: View
Redhat Information
No data.
CWE