CVE-2019-5434 Scanner
Detects a 'Remote Code Execution (RCE)' vulnerability in Revive Adserver that affects v. 4.2.
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4
Toolbox: -
Revive Adserver is an open-source ad management software that helps publishers and advertisers to manage their ads effectively. This software is widely used by small and large-scale publishers to handle ad delivery, targeting, and monitoring. With Revive Adserver, publishers can manage multiple ad networks and measure their campaigns' performance with real-time reports.
CVE-2019-5434 is a deserialization vulnerability in the Revive Adserver application. It stems from a call to PHP's unserialize() function: an attacker can send a malicious payload to the XML-RPC invocation script's "what" parameter in the "openads.spc" RPC method. This could allow attackers to exploit any serialize-related PHP vulnerabilities or even perform PHP object injection.
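For defenders who can see XML-RPC request bodies (for example at a reverse proxy or WAF), the check below flags "openads.spc" calls whose string values carry a serialized PHP object. It is an added example, not code from the scanner or from Revive Adserver; the function name flag_request and both sample bodies are constructed for illustration, and because the position of "what" among the parameters is not stated on this page, every string value is inspected.

```python
import re
import xml.etree.ElementTree as ET

# PHP serialize() object markers: O:<len>:"Class":<n>:{ and C:<len>:"Class":<n>:{
# at the start of the value or nested after ';' or '{'. '\+?' covers 'O:+8:'.
PHP_OBJECT = re.compile(r'(?:^|[;{])[OC]:\+?\d+:"[^"]*":\d+:\{')
WATCHED_METHOD = "openads.spc"  # RPC method named in the description above

# Constructed sample bodies (not captured traffic)
BENIGN = b"""<?xml version="1.0"?><methodCall><methodName>openads.spc</methodName>
<params><param><value><string>zone:1</string></value></param></params></methodCall>"""
SUSPECT = b"""<?xml version="1.0"?><methodCall><methodName>openads.spc</methodName>
<params><param><value><string>a:1:{i:0;O:8:"stdClass":0:{}}</string></value></param></params></methodCall>"""


def flag_request(body: bytes) -> list:
    """Return string values of an openads.spc call that contain a
    serialized PHP object; an empty list means nothing was flagged."""
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return []  # XML-RPC needs no DTD; do not expand entities here
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return []
    if root.tag != "methodCall":
        return []
    if (root.findtext("methodName") or "").strip() != WATCHED_METHOD:
        return []
    hits = []
    for value in root.iter("value"):  # includes values nested in structs/arrays
        string = value.find("string")
        if string is not None:
            text = string.text or ""
        elif len(value) == 0:
            text = value.text or ""  # untyped <value> is a string in XML-RPC
        else:
            continue  # int, boolean, struct wrapper, etc.
        if PHP_OBJECT.search(text):
            hits.append(text)
    return hits


if __name__ == "__main__":
    for name, body in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, flag_request(body))
```

A hit is a reason to review the request, not proof of exploitation; upgrading the affected Revive Adserver version remains the fix.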
When exploited, the CVE-2019-5434 vulnerability can lead to severe consequences for publishers and advertisers. Attackers could use this vulnerability to gain access to the publisher's Revive Adserver instance and inject malicious code into the ad delivery process. This malicious ad code could then spread to third-party websites that host the advertiser's content, infecting their digital assets with malware.
Thanks to the pro features of the s4e.io platform, publishers and advertisers can easily and quickly discover vulnerabilities in their digital assets. With the platform's intuitive interface, users can gain detailed insights into their assets' security posture and take actions to mitigate any security risks. Apart from the vulnerability assessment, users can also track their assets' security posture continuously and receive alerts whenever a high-risk vulnerability is discovered. By leveraging such a platform, publishers and advertisers can secure their digital assets and prevent any potential security breaches.