OSVDB ID: 3296

Title: Fortinet FortiOS (FortiGate) Firewall selector Admin Interface XSS

Dates

Disclosure: Nov 12, 2003
Discovery: Unknown
Exploit: Nov 12, 2003
Solution: Unknown

Description

Fortinet Fortigate Firewall contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate "button" variables upon submission to the "selector" script. This could allow a user to send a specially crafted request that would execute arbitrary code on the server, leading to a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
OSVDB: Web Related

Solution

Upgrade to version 2.50 MR5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Fortinet, Inc.

Fortigate

2.36
2.5
2.5 MR4

References

Credit

  • Maarten Hartsuijker - maartenhartsuijker.com


Direct URL: http://osvdb.org/3296