FortiWeb - Weak generation of WAF session IDs leads to session fixation

A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session.