Fortinet FortiWeb 4.x / 5.x < 5.0.3 Multiple Vulnerabilities

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.

Synopsis :

The remote host is affected by multiple vulnerabilities.

Description :

The remote host is running FortiWeb 4.x / 5.x prior to 5.0.3. It is,
therefore, affected by multiple vulnerabilities :

- FortiWeb is affected by a cross-site scripting
vulnerability due to a failure to sanitize
user-supplied input. (CVE-2014-1955)

- FortiWeb is affected by an unspecified HTTP header
injection vulnerability. (CVE-2014-1956)

- FortiWeb is affected by an unspecified privilege
escalation vulnerability. (CVE-2014-1957)

Solution :

Upgrade to Fortinet FortiWeb 5.0.3 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true

Family: CGI abuses

Nessus Plugin ID: 73528

Bugtraq ID: 65660

CVE ID: CVE-2014-1955
