S4E

CVE-2019-5434 Scanner

Detects a 'Remote Code Execution (RCE)' vulnerability in Revive Adserver that affects v. 4.2.


Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4
Toolbox: -

Revive Adserver is an open-source ad management software that helps publishers and advertisers to manage their ads effectively. This software is widely used by small and large-scale publishers to handle ad delivery, targeting, and monitoring. With Revive Adserver, publishers can manage multiple ad networks and measure their campaigns' performance with real-time reports.

CVE-2019-5434 is a vulnerability detected in the Revive Adserver application. This vulnerability is related to the unserialize() method of PHP, where an attacker can send a malicious payload to the XML-RPC invocation script's "what" parameter in the "openads.spc" RPC method. This vulnerability could allow attackers to exploit any serialize-related PHP vulnerabilities or even perform PHP object injection.

When exploited, the CVE-2019-5434 vulnerability can lead to severe consequences for publishers and advertisers. Attackers could use this vulnerability to gain access to the publisher's Revive Adserver instance and inject malicious code while managing the ad delivery process. This malicious ad code could then spread to third-party websites that host the advertiser's content, infecting their digital assets with malware.
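
A defender-side check for the request described above, as an added example that is not part of the original page or of Revive Adserver: it parses an XML-RPC body and, for calls to openads.spc, flags any string value that carries a PHP serialized-object marker. The function names, the regular expression and the sample bodies are constructed for illustration; because the position of the "what" argument is not given here, every value in the call is checked.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Heuristic marker of a PHP serialized object (O:) or custom-serialized
# object (C:), e.g. O:8:"stdClass":0:{ at the start or nested in an array.
PHP_OBJECT = re.compile(r'(?:^|[;{])[OC]:\+?\d+:"[^"]+":\d+:\{')
WATCHED_METHOD = "openads.spc"  # RPC method named in the description above

def _value_text(value):
    """Return the string carried by one XML-RPC <value>, or None."""
    string, b64 = value.find("string"), value.find("base64")
    if string is not None:
        return string.text or ""
    if b64 is not None:
        try:
            raw = "".join((b64.text or "").split())
            return base64.b64decode(raw, validate=True).decode("latin-1")
        except ValueError:
            return None
    # An untyped <value>text</value> is a string in XML-RPC.
    return (value.text or "") if len(value) == 0 else None

def inspect_xmlrpc(body: bytes):
    """Classify one request body as ignore / ok / alert / reject."""
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return "reject", ["DTD or entity declaration in XML-RPC body"]
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return "reject", [f"malformed XML: {exc}"]
    method = (root.findtext("methodName") or "").strip()
    if root.tag != "methodCall" or method != WATCHED_METHOD:
        return "ignore", []
    hits = [t[:60] for v in root.iter("value")
            if (t := _value_text(v)) and PHP_OBJECT.search(t)]
    return ("alert", hits) if hits else ("ok", [])

# Constructed sample bodies (not captured traffic); "zone:1" is a placeholder.
SAMPLE_BENIGN = b"""<?xml version="1.0"?>
<methodCall><methodName>openads.spc</methodName><params>
<param><value><string>zone:1</string></value></param>
</params></methodCall>"""
SAMPLE_SUSPECT = SAMPLE_BENIGN.replace(b"zone:1", b'a:1:{i:0;O:8:"stdClass":0:{}}')

if __name__ == "__main__":
    for name, body in (("benign", SAMPLE_BENIGN), ("suspect", SAMPLE_SUSPECT)):
        print(name, inspect_xmlrpc(body))
```

The marker match is a heuristic, so an alert is a lead for review of the request and the instance's version, not proof of compromise.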

Thanks to the pro features of the s4e.io platform, publishers and advertisers can easily and quickly discover vulnerabilities in their digital assets. With the platform's intuitive interface, users can gain detailed insights into their assets' security posture and take actions to mitigate any security risks. Apart from the vulnerability assessment, users can also track their assets' security posture continuously and receive alerts whenever a high-risk vulnerability is discovered. By leveraging such a platform, publishers and advertisers can secure their digital assets and prevent any potential security breaches.
