Fortinet FortiWeb 4.x / 5.x < 5.0.3 Multiple Vulnerabilities

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple vulnerabilities.

Description :

The remote host is running FortiWeb 4.x / 5.x prior to 5.0.3. It is,
therefore, affected by multiple vulnerabilities :

- FortiWeb is affected by a cross-site scripting
vulnerability due to a failure to sanitize
user-supplied input. (CVE-2014-1955)

- FortiWeb is affected by an unspecified HTTP header
injection vulnerability. (CVE-2014-1956)

- FortiWeb is affected by an unspecified privilege
escalation vulnerability. (CVE-2014-1957)

See also :

http://www.fortiguard.com/advisory/FG-IR-13-009

Solution :

Upgrade to Fortinet FortiWeb 5.0.3 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: CGI abuses

Nessus Plugin ID: 73528

Bugtraq ID: 65660

CVE ID: CVE-2014-1955
CVE-2014-1956
CVE-2014-1957
