Description
VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote attackers to bypass authentication, and consequently read and modify arbitrary plugin settings, via an encoded : (colon) character in the Authorization HTTP header.
References
- https://nvd.nist.gov/vuln/detail/CVE-2014-9575
- https://vdgsecurity.com/downloads/software/?file=1.+DIVA+2.3%2F2.+Changelog+2.3.16.txt
- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-0_VDG_Security_SENSE_Multiple_critical_vulnerabilities_v10.txt
- http://packetstormsecurity.com/files/129656/VDG-Security-SENSE-2.3.13-File-Disclosure-Bypass-Buffer-Overflow.html
- http://seclists.org/fulldisclosure/2014/Dec/76
EPSS
Percentile: 69%
0.00611
Low
CVE ID
Related vulnerabilities
nvd
about 11 years ago
VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote attackers to bypass authentication, and consequently read and modify arbitrary plugin settings, via an encoded : (colon) character in the Authorization HTTP header.