Summary
FortiWeb 5.0.2 and lower are vulnerable to cross-site scripting (CVE-2014-1955), HTTP header injection (CVE-2014-1956) and privilege
escalation (CVE-2014-1957) issues.
Impact
A remote unauthenticated attacker may be able to execute arbitrary JavaScript in the context of the administrator's browser
session. In addition, authenticated users may be able to escalate their privileges.
Solution
Upgrade to FortiWeb 5.0.3 or higher.
Affected
FortiWeb 4.4.7 and lower. FortiWeb 5.0.2 and lower.
Detection
Check the installed FortiWeb version.
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-1955, CVE-2014-1956, CVE-2014-1957
CVSS Base Score: 6.5
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P