PSIRT Advisories

FortiPortal - Denial of service vulnerabilities


Multiple uncontrolled resource consumption vulnerabilities [CWE-400] in the web interface of FortiPortal may allow a single low-privileged user to induce a denial of service via multiple HTTP requests.

Affected Products

FortiPortal 6.0.5 and below.
FortiPortal 5.3.6 and below.
FortiPortal 5.2.5 and below.
FortiPortal 5.1.2 and below.
FortiPortal 5.0.3 and below.
FortiPortal 4.2.4 and below.
FortiPortal 4.1.2 and below.
FortiPortal 4.0.4 and below.


Upgrade to FortiPortal 6.0.6 or above.

Upgrade to FortiPortal 5.3.7 or above.


Discovered and reported by Giuseppe Cocomazzi of the Fortinet Product Security team.