OpenX Ad-Server Vulnerability

Published: 2010-09-16
Last Updated: 2010-09-16 16:50:46 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

A vulnerability in some "random ad server" software wouldn't be terrible big news, but in this case I decided to spent a couple minutes on it. OpenX is somewhat popular, and used by various sites to server ads. Not only that... the vulnerability is actively being exploited. And to make things worse: The site is down, so you can't download a patch or any details "direct from the source".

We have seen compromised ad servers being used in the past to inject malicious content into various "trusted" pages and I am a bit afraid that we will see some of this with these OpenX vulnerabilities.

For more details:

(thanks to David of Sucuri for the heads up)


Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Keywords: ad server OpenX
0 comment(s)


Diary Archives