ID

VAR-201404-0183


CVE

CVE-2014-1956


TITLE

FortiGuard FortiWeb In CRLF Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-002343

DESCRIPTION

CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Fortinet Fortiweb is prone to multiple security vulnerabilities, including; 1. A cross-site scripting vulnerability 2. A security-bypass vulnerability 3. Fortinet Fortiweb 5.0.2 and prior are vulnerable. Fortinet FortiGuard FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc. Sensitive database content. CRLF injection vulnerability exists in Fortinet FortiGuard FortiWeb 5.0.2 and earlier versions

Trust: 1.98

sources: NVD: CVE-2014-1956 // JVNDB: JVNDB-2014-002343 // BID: 65660 // VULHUB: VHN-69895

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiwebscope:lteversion:5.0.2

Trust: 1.0

vendor:fortinetmodel:fortiwebscope:eqversion:5.0.2

Trust: 0.9

vendor:fortinetmodel:fortiwebscope:ltversion:5.0.3

Trust: 0.8

vendor:fortinetmodel:fortiwebscope:eqversion:4.4.7

Trust: 0.3

vendor:fortinetmodel:fortiwebscope:neversion:5.0.3

Trust: 0.3

sources: BID: 65660 // JVNDB: JVNDB-2014-002343 // CNNVD: CNNVD-201404-604 // NVD: CVE-2014-1956

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-1956
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-1956
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201404-604
value: MEDIUM

Trust: 0.6

VULHUB: VHN-69895
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-1956
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2014-1956
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-69895
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-69895 // JVNDB: JVNDB-2014-002343 // CNNVD: CNNVD-201404-604 // NVD: CVE-2014-1956

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2014-002343 // NVD: CVE-2014-1956

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-604

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201404-604

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002343

PATCH

title:FortiWeb Multiple Vulnerabilitiesurl:http://www.fortiguard.com/advisory/FG-IR-13-009/

Trust: 0.8

sources: JVNDB: JVNDB-2014-002343

EXTERNAL IDS

db:NVDid:CVE-2014-1956

Trust: 2.8

db:JVNDBid:JVNDB-2014-002343

Trust: 0.8

db:CNNVDid:CNNVD-201404-604

Trust: 0.7

db:SECUNIAid:56981

Trust: 0.6

db:BIDid:65660

Trust: 0.3

db:VULHUBid:VHN-69895

Trust: 0.1

sources: VULHUB: VHN-69895 // BID: 65660 // JVNDB: JVNDB-2014-002343 // CNNVD: CNNVD-201404-604 // NVD: CVE-2014-1956

REFERENCES

url:http://www.fortiguard.com/advisory/fg-ir-13-009/

Trust: 2.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1956

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1956

Trust: 0.8

url:http://secunia.com/advisories/56981

Trust: 0.6

url:http://www.fortinet.com/

Trust: 0.3

sources: VULHUB: VHN-69895 // BID: 65660 // JVNDB: JVNDB-2014-002343 // CNNVD: CNNVD-201404-604 // NVD: CVE-2014-1956

CREDITS

Robert van Hamburg of Intermax Security

Trust: 0.3

sources: BID: 65660

SOURCES

db:VULHUBid:VHN-69895
db:BIDid:65660
db:JVNDBid:JVNDB-2014-002343
db:CNNVDid:CNNVD-201404-604
db:NVDid:CVE-2014-1956

LAST UPDATE DATE

2024-08-14T14:21:08.757000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-69895date:2014-07-18T00:00:00
db:BIDid:65660date:2014-02-13T00:00:00
db:JVNDBid:JVNDB-2014-002343date:2014-05-02T00:00:00
db:CNNVDid:CNNVD-201404-604date:2014-05-06T00:00:00
db:NVDid:CVE-2014-1956date:2014-07-18T18:38:07.713

SOURCES RELEASE DATE

db:VULHUBid:VHN-69895date:2014-04-30T00:00:00
db:BIDid:65660date:2014-02-13T00:00:00
db:JVNDBid:JVNDB-2014-002343date:2014-05-02T00:00:00
db:CNNVDid:CNNVD-201404-604date:2014-04-30T00:00:00
db:NVDid:CVE-2014-1956date:2014-04-30T14:22:06.203