Описание
Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache.
Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-7368
- https://github.com/revive-adserver/revive-adserver/commit/15aac363
- http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html
- http://seclists.org/fulldisclosure/2015/Oct/32
- http://www.revive-adserver.com/security/revive-sa-2015-001
- http://www.securityfocus.com/archive/1/536633/100/0/threaded
Связанные уязвимости
nvd
больше 10 лет назад
Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache.