CVE-2014-1956 - Unspecified vulnerability in Fortinet Fortiweb
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') http://cwe.mitre.org/data/definitions/113.html
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 4 |
Nessus
NASL family | CGI abuses |
NASL id | FORTIWEB_FG-IR-13-009.NASL |
description | The remote host is running FortiWeb 4.x / 5.x prior to 5.0.3. It is, therefore, affected by multiple vulnerabilities : - FortiWeb is affected by a cross-site scripting vulnerability due to a failure to sanitize user-supplied input. (CVE-2014-1955) - FortiWeb is affected by an unspecified HTTP header injection vulnerability. (CVE-2014-1956) - FortiWeb is affected by an unspecified privilege escalation vulnerability. (CVE-2014-1957) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 73528 |
published | 2014-04-15 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/73528 |
title | Fortinet FortiWeb 4.x / 5.x < 5.0.3 Multiple Vulnerabilities |