Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via (1) an HTTP request terminated with a line feed (LF) instead of a carriage return line feed (CRLF) or (2) an HTTP request with no Host field, which is still processed by most web servers without violating RFC 2616.
CVSS v2.0 score
7.5 / 10.0 (HIGH)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Information
- Published: 31 Dec 2005
- Updated: 16 Apr 2026
- Status: Modified
- Source: cve@mitre.org
Affected products
fortinet fortios
Versions: 2.8_mr10, 3_beta
fortinet fortigate
Versions: 2.8
Weaknesses (CWE)
CWE-264
References (14)
- http://secunia.com/advisories/18844 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2006/0539 (Vendor Advisory)