An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under "Signed Security Mode", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/103430 | Mitigation Third Party Advisory VDB Entry |
https://fortiguard.com/advisory/FG-IR-17-279 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: fortinet
Published: 2018-03-06T00:00:00
Updated: 2019-04-09T15:21:25
Reserved: 2017-09-07T00:00:00
Link: CVE-2017-14191
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-03-20T13:29:00.247
Modified: 2019-10-03T00:03:26.223
Link: CVE-2017-14191
JSON object: View
Redhat Information
No data.
CWE