Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 2 Feb 2017 00:51:06 -0500
From: <cve-assign@...re.org>
To: <nicolas.gregoire@...rri.fr>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: CVE request: multiples vulnerabilities in Revive Adserver

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://www.revive-adserver.com/security/revive-sa-2017-001/

> [] Vulnerability 1 - Deserialization of Untrusted Data

Use CVE-2017-5830.


> [] Vulnerability 2 - Session Fixation

Use CVE-2017-5831.


> [] Vulnerability 3 - Persistent XSS

Use CVE-2017-5832.


> [] Vulnerability 4 - Reflected XSS

Use CVE-2017-5833.


- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYksbmAAoJEHb/MwWLVhi2f34P/1kd2i9lAh5KBzvbp/iskyU5
FXdYXOfov1Kty7Tu8o6jnwjjQxqobA9pQFOVPfDhmBzZfZdk58UVp59NA2J6lhgS
xWF42C6pnFpgV+aM4UxjaI7fWeB3wtx6ceySU9CWYDVhjGcCsD8SXlxpo7IHpNFE
yznDrDAZPjTplAJ67lkciep5RgBUYjrZxaY54aFNCJqqEKz723xsXY0uA3Q5H+Ih
v7wpxPCWjo8oFLzpFsybWLrADKZ4Nuu6RcbYPyUrupmkIpkjakYSun7PhaBJ+Vbk
edw9zALYloJ4a8k00SQM5+n/Y3iR2hbmiWAoqiFhNjKqxv5skEgW0bfwgypkUsmh
PNi86FPrj4f8TmqIlwM59gqbSb9Mjqyr/XW64wDnR545XZp16IBxb046dlgvDmjl
zFJ+LBMb2ui8ggdPWEPAjzni/EDeS+OC6o4Ocp0kXv8kWw3QbvMfX0LE8oVX/XVx
FO80/46JKbxqCS22NICP/t/qOumC+Ar1XiJ1aLOJjPx1GJtkUV9JxeRUr/FCP2op
m29U66J9gHg/5R7yacDIukwvZ+zUX3CxecIDG69SV0EKhNcRM3lEY1sQH2sgKVyT
r16cax1/GiATMwyZrrXCJYJ2KQ26rHghIS5CPjfbXN/rJ4O7t+mVAglxZCnnILtQ
dgIG+cUHF2Ei1OBynPXy
=e5Rh
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.