Medium severity5.3NVD Advisory· Published Mar 28, 2017· Updated May 13, 2026
CVE-2016-9129
CVE-2016-9129
Description
Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot however be used directly to log in to the system, which requires a username.
Affected products
1- cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*Range: <=3.2.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/revive-adserver/revive-adserver/commit/38223a841190bebd7a137c7bed84fbbcb2b0c2a5nvdIssue TrackingPatchThird Party Advisory
- www.revive-adserver.com/security/revive-sa-2016-001/nvdPatchVendor Advisory
- hackerone.com/reports/98612nvdPermissions Required
News mentions
0No linked articles in our index yet.