CVE-2014-9575

Name of the Vulnerable Software and Affected Versions VDG Security SENSE (formerly DIVA) versions prior to 2.3.15

Description The issue allows remote attackers to bypass authentication and consequently read and modify arbitrary plugin settings. This is achieved via an encoded : (colon) character in the Authorization HTTP header.

Recommendations For versions prior to 2.3.15, update to version 2.3.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the Authorization HTTP header to minimize the risk of exploitation.