CVE-2014-1956 - Unspecified vulnerability in Fortinet FortiWeb

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
Tags: network, low complexity, fortinet, nessus

Summary

CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting'): http://cwe.mitre.org/data/definitions/113.html

Vulnerable Configurations

Part | Description | Count
Application | Fortinet | 4

Nessus

NASL family: CGI abuses
NASL id: FORTIWEB_FG-IR-13-009.NASL
description: The remote host is running FortiWeb 4.x / 5.x prior to 5.0.3. It is, therefore, affected by multiple vulnerabilities:
- FortiWeb is affected by a cross-site scripting vulnerability due to a failure to sanitize user-supplied input. (CVE-2014-1955)
- FortiWeb is affected by an unspecified HTTP header injection vulnerability. (CVE-2014-1956)
- FortiWeb is affected by an unspecified privilege escalation vulnerability. (CVE-2014-1957)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 73528
published: 2014-04-15
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/73528
title: Fortinet FortiWeb 4.x / 5.x < 5.0.3 Multiple Vulnerabilities