PT-2021-21168 · Fortinet · Fortiweb

Published

2021-11-02

Updated

2021-11-04

CVE-2021-36187

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Fortinet FortiWeb versions 6.4.0, 6.3.15 and below, 6.2.5 and below

Description The issue is related to uncontrolled resource consumption, allowing an attacker to cause a denial of service for the webserver daemon via crafted HTTP requests.

Recommendations For Fortinet FortiWeb version 6.4.0, update to a version that fixes the issue. For Fortinet FortiWeb versions 6.3.15 and below, update to a version that fixes the issue. For Fortinet FortiWeb versions 6.2.5 and below, update to a version that fixes the issue.

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2021-36187

Affected Products

Fortiweb

PT-2021-21168 · Fortinet · Fortiweb

CVE-2021-36187

Weakness Enumeration

Related Identifiers

Affected Products

References · 4