PT-2021-11626 · Fortinet · Fortiweb
Andrey Medov
·
Published
2021-01-14
·
Updated
2021-01-20
·
CVE-2020-29019
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions:
FortiWeb versions 6.3.0 through 6.3.7
FortiWeb versions prior to 6.2.4
Description:
A stack-based buffer overflow issue may allow a remote, unauthenticated attacker to crash the httpd daemon thread by sending a request with a crafted
cookie header.Recommendations:
For FortiWeb versions 6.3.0 through 6.3.7, update to a version outside of this range to resolve the issue.
For FortiWeb versions prior to 6.2.4, update to version 6.2.4 or later to resolve the issue.
As a temporary workaround, consider restricting access to the httpd daemon thread to minimize the risk of exploitation.
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fortiweb