Описание
Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account.
Ссылки
- ExploitThird Party Advisory
- PatchVendor Advisory
- ExploitThird Party Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.3.0 (исключая)
Одно из
cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*
cpe:2.3:a:revive-adserver:revive_adserver:5.3.0:rc1:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00545
Низкий
7.1 High
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
CWE-338
Связанные уязвимости
CVSS3: 7.1
github
около 3 лет назад
Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account.
EPSS
Процентиль: 67%
0.00545
Низкий
7.1 High
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
CWE-338