| IR Number | FG-IR-21-131 |
| Date | Dec 7, 2021 |
| Severity |
High |
| CVSSv3 Score | 7.1 |
| Impact | Denial of service |
| CVE ID | CVE-2021-41014 |
| Affected Products |
FortiWeb
:
6.4.1, 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1, 6.3.0, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.1.4, 6.1.3, 6.1.2, 6.1.1, 6.1.0, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiWeb - Incorrect handling of large requests leads to denial of service
Summary
An uncontrolled resource consumption vulnerability [CWE-400] in FortiWeb may allow an unauthenticated attacker to cause a Denial of Service to the FortiWeb's HTTP daemon via sending a large amount of crafted HTTP requests.
Affected Products
FortiWeb version 6.4.1 and below.
FortiWeb version 6.3.15 and below.
FortiWeb version 6.2.5 and below.
Solutions
Upgrade to the upcoming FortiWeb version 7.0.0 or above.
Upgrade to FortiWeb version 6.4.2 or above.
Upgrade to FortiWeb version 6.3.16 or above.
Upgrade to FortiWeb version 6.2.6 or above.