Fortinet FortiWeb is a web application firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, and other attacks to secure web applications and protect sensitive database content. FortiWeb's API controller contains multiple stack-based buffer overflows [CWE-121], which an authenticated attacker can exploit via specially crafted requests to achieve arbitrary code execution.

Name | Operator | Version
---|---|---
Fortinet FortiWeb | eq | 6.4.0
Fortinet FortiWeb | eq | 6.4.1
Fortinet FortiWeb >=6.3.0 | le | 6.3.15