FortiWeb Multiple Vulnerabilities

Description

FortiWeb 5.0.2 and lower are vulnerable to cross-site scripting (CVE-2014-1955), HTTP header injection (CVE-2014-1956) and privilege escalation (CVE-2014-1957) issues.

Impact Detail

A remote unauthenticated attacker may be able to execute arbitrary JavaScript in the context of the administrator's browser session. In addition, authenticated users may be able to escalate their privileges.

Affected Products

FortiWeb 4.4.7 and lower.
FortiWeb 5.0.2 and lower.

Solutions

Upgrade to FortiWeb 5.0.3 or higher.

Acknowledgement

Robert van Hamburg of Intermax Security