PSIRT Advisories

Uninitialized memory buffer leak in FortiOS explicit web proxy


An uninitialized memory buffer leak exists in FortiOS web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.

Affected Products

FortiOS 5.6.1 -> 5.6.3
FortiOS 5.4.6 -> 5.4.7
FortiOS 5.2.12 and newer versions.


Upgrade to FortiOS 5.4.8, 5.6.4 and 6.0.0 or newer versions.


Fortinet is pleased to thank "usd AG" for reporting this vulnerability under responsible disclosure.