发布日期:2012-01-27
更新日期:2012-02-02受影响系统:
Fortinet FortiGate 800
Fortinet FortiGate 620B
Fortinet FortiGate 5000
Fortinet FortiGate 3950
Fortinet FortiGate 3810A
Fortinet FortiGate 3600A
Fortinet FortiGate 311B
Fortinet FortiGate 310B
Fortinet FortiGate 3016B
Fortinet FortiGate 300A
Fortinet FortiGate 224B
Fortinet FortiGate 200B
Fortinet FortiGate 1240B
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 51708FortiGate系列安全产品可检测和消除网络威胁。Fortigate UTM WAF设备在实现上存在多个跨站脚本执行和HTML注入漏洞,成功利用后可允许执行恶意HTML和脚本代码,窃取Cookie验证凭证并跨站网站外观。<*来源:Benjamin Kunz Mejri (Rem0ve)
链接:http://vulnerability-lab.com/get_content.php?id=144
*>建议:
--------------------------------------------------------------------------------
厂商补丁:Fortinet
--------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:http://www.fortinetfirewall.com/index.phpSyneto Unified Threat Management跨站请求伪造漏洞Kaixin远程非法访问漏洞相关资讯 Fortigate
- Fortinet FortiOS Cookie解析器缓 (今 17:24)
- FortiGuard FortiWeb CRLF注入漏洞 (05/05/2014 15:05:37)
- Fortinet FortiOS "mkey"参数跨站 (02/14/2014 11:42:40)
| - FortiGuard FortiWeb跨站脚本执行 (05/07/2014 05:39:55)
- Fortinet Fortiweb "filter"参数跨 (02/22/2014 08:02:06)
- Fortinet FortiOS (FortiGate) “ (12/05/2012 06:58:28)
|
本文评论 查看全部评论 (0)
易网时代-编程资源站