Description

Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache.

Remediation

References

CVE-2015-7368

Related Vulnerabilities

Oracle JRE CVE-2011-3547 Vulnerability (CVE-2011-3547)

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4544)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7298)

WordPress Plugin WP Fastest Cache Arbitrary File Deletion (0.8.9.0)

Undertow Insertion of Sensitive Information into Log File Vulnerability (CVE-2019-3888)

Severity

Low

Classification

CVE-2015-7368 CWE-200

Tags

Missing Update Known Vulnerabilities