PSIRT Advisory
FortiWeb Multiple Vulnerabilities
Description
FortiWeb 5.0.2 and lower are vulnerable to cross-site scripting (CVE-2014-1955), HTTP header injection (CVE-2014-1956) and privilege escalation (CVE-2014-1957) issues.
Impact
Script execution and privilege elevation.
Affected Products
FortiWeb 4.4.7 and lower.
FortiWeb 5.0.2 and lower.
Solutions
Upgrade to FortiWeb 5.0.3 or higher.
Acknowledgement
Robert van Hamburg of Intermax Security