FortiProxy - HTTPD is vulnerable to a Stack-based Buffer Overflow vulnerability
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-21-007
Final
1
1
2021-04-06T00:00:00
Current version
2021-04-06T00:00:00
2021-04-06T00:00:00
A stack-based buffer overflow vulnerability in the HTTPD daemon of FortiProxy may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server.
Crash of the HTTPD service.
FortiProxy versions 2.0.1 and below. FortiProxy versions 1.2.9 and below. FortiProxy versions 1.1.x. FortiProxy versions 1.0.x.
Please upgrade to FortiProxy version 1.2.10 or above. Please upgrade to FortiProxy version 2.0.2 or above.
Fortinet is pleased to thank Cody Sixteen (https://code610.blogspot.com/) for reporting this issue under responsible disclosure.
FortiProxy 2.0.1
FortiProxy 2.0.0
FortiProxy 1.2.9
FortiProxy 1.2.8
FortiProxy 1.2.7
FortiProxy 1.2.6
FortiProxy 1.2.5
FortiProxy 1.2.4
FortiProxy 1.2.3
FortiProxy 1.2.2
FortiProxy 1.2.1
FortiProxy 1.2.0
FortiProxy - HTTPD is vulnerable to a Stack-based Buffer Overflow vulnerability
CVE-2019-17656
FortiProxy-2.0.1
FortiProxy-2.0.0
FortiProxy-1.2.9
FortiProxy-1.2.8
FortiProxy-1.2.7
FortiProxy-1.2.6
FortiProxy-1.2.5
FortiProxy-1.2.4
FortiProxy-1.2.3
FortiProxy-1.2.2
FortiProxy-1.2.1
FortiProxy-1.2.0
5.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:F/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-21-007