VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote attackers to bypass authentication, and consequently read and modify arbitrary plugin settings, via an encoded : (colon) character in the Authorization HTTP header.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2015-01-08T15:00:00Z
Updated: 2024-09-16T20:41:58.915Z
Reserved: 2015-01-08T00:00:00Z
Link: CVE-2014-9575
Vulnrichment
No data.
NVD
Status : Modified
Published: 2015-01-08T15:59:00.047
Modified: 2024-11-21T02:21:09.997
Link: CVE-2014-9575
Redhat
No data.