PSIRT Advisory

FortiWeb Multiple Vulnerabilities

Description

FortiWeb 5.0.2 and lower are vulnerable to cross-site scripting (CVE-2014-1955), HTTP header injection (CVE-2014-1956) and privilege escalation (CVE-2014-1957) issues.

Impact

Script execution and privilege elevation.

Affected Products

FortiWeb 4.4.7 and lower.

FortiWeb 5.0.2 and lower.

Solutions

Upgrade to FortiWeb 5.0.3 or higher.

Acknowledgement

Robert van Hamburg of Intermax Security