Unrestricted Access to run-mpe.php in Revive Adserver before 3.2.2

Unrestricted Access to run-mpe.php in Revive Adserver before 3.2.2

CVE-2015-7371 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, which allows remote attackers to run the Maintenance Priority Engine and possibly cause a denial of service (resource consumption) via a direct request.

Learn more about our Cis Benchmark Audit For Server Software.