FortiWeb - Uncontrolled resource consumption


An uncontrolled resource consumption vulnerability [CWE-400] in FortiWeb may allow an unauthenticated attacker to cause a denial of service via crafted HTTP requests to proxy services.

Affected Products

FortiWeb version 6.4.0
FortiWeb version 6.3.15 and below
FortiWeb version 6.2.5 and below


Solutions

Upgrade to FortiWeb version 6.4.1 or above
Upgrade to FortiWeb version 6.3.16 or above
Upgrade to FortiWeb version 6.2.6 or above


Internally discovered and reported by Mattia Fecit of the Fortinet Product Security team.