A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 up to and including 6.3.16, 6.2.0 up to and including 6.2.6, 6.1.0 up to and including 6.1.2, 6.0.0 up to and including 6.0.7, 5.9.0 up to and including 5.9.1 may allow a remote, unauthenticated malicious user to infer the session identifier of other users and possibly usurp their session.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortiweb |