PSIRT Advisories

FortiWeb - Incorrect handling of large requests leads to denial of service


An uncontrolled resource consumption vulnerability [CWE-400] in FortiWeb may allow an unauthenticated attacker to cause a Denial of Service of FortiWeb's HTTP daemon by sending a large number of crafted HTTP requests.

Affected Products

FortiWeb version 6.4.1 and below.
FortiWeb version 6.3.15 and below.
FortiWeb version 6.2.5 and below.

Solutions

Upgrade to the upcoming FortiWeb version 7.0.0 or above.

Upgrade to FortiWeb version 6.4.2 or above.

Upgrade to FortiWeb version 6.3.16 or above.

Upgrade to FortiWeb version 6.2.6 or above.
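The following helper is an added example, not part of the advisory or of any Fortinet tooling. It encodes the affected and fixed ranges listed above per branch (6.4, 6.3, 6.2, and the upcoming 7.0.0) so that a version string taken from a device inventory can be classified as affected or fixed. Branches the advisory does not name (for example 6.1.x) are reported as "not listed" rather than guessed; the inventory at the bottom is constructed sample data.

```python
"""Classify FortiWeb version strings against the ranges in this advisory.

Added example; the branch table below is transcribed from the advisory text,
the host inventory is constructed sample data.
"""
import re
from typing import Dict, Tuple

Version = Tuple[int, int, int]

# branch -> (last affected build, first fixed build), from the advisory:
#   6.4.1 and below affected, fixed in 6.4.2
#   6.3.15 and below affected, fixed in 6.3.16
#   6.2.5 and below affected, fixed in 6.2.6
AFFECTED_BRANCHES: Dict[Tuple[int, int], Tuple[Version, Version]] = {
    (6, 4): ((6, 4, 1), (6, 4, 2)),
    (6, 3): ((6, 3, 15), (6, 3, 16)),
    (6, 2): ((6, 2, 5), (6, 2, 6)),
}

# The advisory also lists the (then upcoming) 7.0.0 release as fixed.
FIXED_FROM_NEW_BRANCH: Version = (7, 0, 0)


def parse_version(text: str) -> Version:
    """Extract the first x.y.z triple from strings such as '6.4.1',
    'v6.3.15' or 'FortiWeb v6.2.5 build 0123' (build numbers are ignored)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def assess(text: str) -> str:
    """Return 'affected', 'fixed' or 'not listed' for a FortiWeb version string."""
    v = parse_version(text)
    if v >= FIXED_FROM_NEW_BRANCH:
        return "fixed"
    branch = (v[0], v[1])
    if branch in AFFECTED_BRANCHES:
        last_affected, _first_fixed = AFFECTED_BRANCHES[branch]
        return "affected" if v <= last_affected else "fixed"
    # Older branches are not named in the advisory, so this helper does not
    # claim anything about them; the operator has to check separately.
    return "not listed"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host name to its assessment, for feeding into a patch queue."""
    return {host: assess(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (host name -> version string as exported).
    sample_inventory = {
        "waf-edge-01": "FortiWeb v6.4.1 build 0122",
        "waf-edge-02": "v6.4.2",
        "waf-dmz-01": "6.3.15",
        "waf-lab-01": "6.1.3",
    }
    for host, status in triage(sample_inventory).items():
        print(f"{host}: {status}")
```

The check compares (major, minor, patch) tuples, so it is independent of how the build number is appended in the export; run it over an exported inventory and queue every "affected" host for the upgrade listed for its branch.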

Acknowledgement

Internally discovered and reported by Mattia Fecit of Fortinet Product Security team.