Critical severity9.0NVD Advisory· Published Mar 28, 2017· Updated May 13, 2026

CVE-2016-9470

Description

Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. www/delivery/asyncspc.php was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim's machine by virtually downloading a file from a trusted domain.

Affected products

Revive Adserver/Revive Adserver2 versions
cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*range: <=3.2.4
- cpe:2.3:a:revive-adserver:revive_adserver:4.0.0:*:*:*:*:*:*:*
N/a/Revive Adserver All Versions Before 3.2.5 And 4.0.0v5
Range: Revive Adserver All versions before 3.2.5 and 4.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/revive-adserver/revive-adserver/commit/69aacbd2nvdPatchThird Party Advisory
www.revive-adserver.com/security/revive-sa-2016-002/nvdPatchVendor Advisory
hackerone.com/reports/148745nvdPermissions Required

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000