CVE-2019-5434

{"id": "CVE-2019-5434", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-05-06T17:29:00.730", "references": [{"url": "http://packetstormsecurity.com/files/155559/Revive-Adserver-4.2-Remote-Code-Execution.html", "source": "[email protected]"}, {"url": "https://hackerone.com/reports/512076", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://hackerone.com/reports/542670", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.revive-adserver.com/security/revive-sa-2019-001/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "http://packetstormsecurity.com/files/155559/Revive-Adserver-4.2-Remote-Code-Execution.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://hackerone.com/reports/512076", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://hackerone.com/reports/542670", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.revive-adserver.com/security/revive-sa-2019-001/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-502"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the \"what\" parameter in the \"openads.spc\" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third party websites. This vulnerability was addressed in version 4.2.0."}, {"lang": "es", "value": "Un atacante podr\u00eda enviar una carga espec\u00edficamente creada al script de invocaci\u00f3n XML-RPC y activar la llamada unserialize() en el par\u00e1metro \"what\" en el m\u00e9todo RPC \"openads.spc\". Dicha vulnerabilidad podr\u00eda utilizarse para realizar varios tipos de ataques, por ejemplo, aprovechar las vulnerabilidades de PHP relacionadas con la serializaci\u00f3n o la inyecci\u00f3n de objetos PHP. Es posible, aunque no confirmado, que la vulnerabilidad haya sido usada por algunos atacantes para conseguir acceso a algunas peticiones Revive Adserver y enviar malware a trav\u00e9s de sitios web de terceros. Esta vulnerabilidad fue tratada en la versi\u00f3n 4.2.0."}], "lastModified": "2024-11-21T04:44:55.693", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:revive-sas:revive_adserver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6812BF4-181A-4D04-97E4-70609E587B42", "versionEndExcluding": "4.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}