CVE-2021-22873: CVE-2021-22873

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-22873

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

指向未可信站点的URL重定向(开放重定向)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Revive Adserver 输入验证错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Revive Adserver是Revive Adserver团队的一套开源的广告管理系统。该系统提供广告投放、广告位管理、数据统计等功能。 Revive Adserver 5.1.0 之前版本存在输入验证错误漏洞，该漏洞源于第三方点击跟踪的重定向不可选择。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	https://github.com/revive-adserver/revive-adserver	Fixed in 5.1.0	-

II. Public POCs for CVE-2021-22873

#	POC Description	Source Link	Shenlong Link
1	A PoC exploit for CVE-2021-22873 - Revive Adserver Open Redirect Vulnerability.	https://github.com/K3ysTr0K3R/CVE-2021-22873-EXPLOIT	POC Details
2	Revive Adserver before 5.1.0 contains an open redirect vulnerability via the dest, oadest, and ct0 parameters of the lg.php and ck.php delivery scripts. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-22873.yaml	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-22873

Please Login to view more intelligence information

https://www.revive-adserver.com/security/revive-sa-2021-001/x_refsource_MISC
https://github.com/revive-adserver/revive-adserver/issues/1068x_refsource_MISC
https://hackerone.com/reports/1081406x_refsource_MISC
http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.htmlx_refsource_MISC
http://seclists.org/fulldisclosure/2021/Jan/60mailing-listx_refsource_FULLDISC
https://nvd.nist.gov/vuln/detail/CVE-2021-22873

IV. Related Vulnerabilities

Same product: https://github.com/revive-adserver/revive-adserver

Same vendor: n/a

Same weakness: CWE-601

V. Comments for CVE-2021-22873

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2021-22873

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-22873

III. Intelligence Information for CVE-2021-22873

IV. Related Vulnerabilities

V. Comments for CVE-2021-22873

Leave a comment