At a glance:
| IR Number | FG-IR-13-009 |
| Date | Feb 13, 2014 |
| Risk | 
|
| Impact | Script execution and privilege elevation. |
| CVE ID | CVE-2014-1955, CVE-2014-1956, CVE-2014-1957 |
| CVRF | Download |
Refine Search
PSIRT Advisory
FortiWeb Multiple Vulnerabilities
Description
FortiWeb 5.0.2 and lower are vulnerable to cross-site scripting (CVE-2014-1955), HTTP header injection (CVE-2014-1956) and privilege escalation (CVE-2014-1957) issues.
Impact
Script execution and privilege elevation.
Affected Products
FortiWeb 4.4.7 and lower.FortiWeb 5.0.2 and lower.
Solutions
Upgrade to FortiWeb 5.0.3 or higher.
Acknowledgement
Robert van Hamburg of Intermax Security