CVE-2015-7370

Related Files

Release Automation XSS / XXE Injection

Posted Jul 1, 2016

Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to multiple potential risks with CA Release Automation. Three vulnerabilities exist that can allow a remote attacker to potentially gain sensitive information or cause a denial of service condition. CA has fixes available. The first vulnerability occurs due to the inclusion of a vulnerable 3rd party component, Open Flash Chart. A remote attacker can conduct cross-site scripting attacks The second vulnerability occurs due to insufficient verification of requests to the web server, which can lead to limited XML external entity attacks. An authenticated attacker in the local network can potentially gain sensitive information or cause a denial of service condition. The third vulnerability occurs due to insufficient verification of requests to the web interface, which leads to multiple reflected cross-site scripting vulnerabilities and one stored cross-site scripting vulnerability.

tags | advisory, remote, web, denial of service, local, vulnerability, xss, xxe

advisories | CVE-2015-7370, CVE-2015-8698, CVE-2015-8699

SHA-256 | 2ef5f54923997660f51cadb44ff051e243c99d18929f23a00717e9198858f0d9

Download | Favorite | View

Revive Adserver 3.2.1 CSRF / XSS / Local File Inclusion

Posted Oct 7, 2015

Authored by Matteo Beccati

Revive Adserver versions 3.2.1 and below suffer from improper access controls, cross site request forgery, cross site scripting, local file inclusion, and various other vulnerabilities.

tags | advisory, local, vulnerability, xss, file inclusion, csrf

advisories | CVE-2015-7364, CVE-2015-7365, CVE-2015-7366, CVE-2015-7367, CVE-2015-7368, CVE-2015-7369, CVE-2015-7370, CVE-2015-7371, CVE-2015-7372, CVE-2015-7373

SHA-256 | f3c53ca4f0d760cffde26a8a7bbe06712810d8fb32dabf303255604dc56e2372

Download | Favorite | View