FortiWeb - Uncontrolled resource consumption

Summary

An uncontrolled resource consumption vulnerability [CWE-400] in FortiWeb may allow an unauthenticated attacker to cause a denial of service via crafted HTTP requests to proxy services.

Affected Products

FortiWeb version 6.4.0
FortiWeb version 6.3.15 and below
FortiWeb version 6.2.5 and below

Solutions

Upgrade to FortiWeb version 6.4.1 or above
Upgrade to FortiWeb version 6.3.16 or above
Upgrade to FortiWeb version 6.2.6 or above

Acknowledgement

Internally discovered and reported by Mattia Fecit of Fortinet PSIRT team.