Lucene search
William Costa1337DAY-ID-22220HistoryMay 08, 2014 - 12:00 a.m.
Fortiweb 5.1.x Cross Site Request Forgery Vulnerability
2014-05-0800:00:00
William Costa
0day.today
21
EPSS
0.002
Percentile
51.7%
FortiWeb versions 5.1.x and below suffer from a cross site request forgery vulnerability.
FortiWeb Cross-Site Request Forgery Vulnerability
Multiple CSRF vulnerabilities exist in the FortiWeb web administration console due to lack of CSRF token protection. This could allow remote attackers to perform administrative actions under specific conditions.
Impact
A remote unauthenticated attacker may be able to trick a user into making an unintentional request to the web administration interface, via link or JavaScript hosted on a malicious web page. This forged request may be treated as authentic and result in unauthorized actions in the web administration interface. A successful attack would require the administrator to be logged in, and attacker knowledge of the internal FortiWeb administration URL.
Affected Products
FortiWeb 5.1.x and lower.
Solutions
Upgrade to FortiWeb 5.2.0 or higher.
Acknowledgement
This vulnerability was separately reported by both William Costa and Enrique Nissim.
# 0day.today [2018-04-10] #Related
nessus
nessus
Fortinet FortiWeb < 5.2.0 Multiple XSRF Vulnerabilities
2014-05-20 00:00:00
openvas
openvas
Fortinet FortiWeb CSRF Vulnerability (FG-IR-14-013)
2015-02-11 00:00:00
nvd
nvd
CVE-2014-3115
2014-05-08 14:29:14
cert
cert
Fortinet Fortiweb 5.1 contains a cross-site request forgery vulnerability
2014-05-07 00:00:00
fortinet
fortinet
FortiWeb Cross-Site Request Forgery Vulnerability
2014-05-02 00:00:00
cve
cve
CVE-2014-3115
2014-05-08 14:29:14
cvelist
cvelist
CVE-2014-3115
2014-05-08 14:00:00
prion
prion
Cross site request forgery (csrf)
2014-05-08 14:29:00