FortiProxy SSL VPN buffer overflow when parsing javascript href content
Summary
A heap buffer overflow vulnerability in the FortiProxy SSL VPN web portal may cause termination of the SSL VPN web service for logged-in users or potentially allow remote code execution on FortiProxy. The overflow is triggered when an authenticated user visits a specifically crafted proxied web page, and is due to a failure to handle JavaScript href content properly while the portal rewrites the page.
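The bug class described above, as an added illustration that is not FortiProxy's code and does not reproduce the actual defect: a hypothetical portal rewriter that extracts a javascript: href from a proxied page and copies it into a fixed-size heap chunk without a length check, shown next to a version that sizes the allocation from the input and enforces a limit. All function names, the 64-byte buffer size and the `/proxy/js?u=` prefix are assumptions chosen for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HREF_BUF 64                      /* assumed fixed heap chunk size */
static const char PREFIX[] = "/proxy/js?u=";  /* assumed portal rewrite prefix */

/* Locate the value of the first href="javascript:..." attribute in an HTML
 * fragment. Returns false when there is none or the closing quote is missing,
 * so a truncated page cannot make the caller read past the buffer. */
bool extract_js_href(const char *html, const char **start, size_t *len) {
    static const char marker[] = "href=\"javascript:";
    const char *p = strstr(html, marker);
    if (!p) return false;
    p += sizeof("href=\"") - 1;          /* point at "javascript:" */
    const char *end = strchr(p, '"');
    if (!end) return false;              /* unterminated attribute */
    *start = p;
    *len = (size_t)(end - p);
    return true;
}

/* Vulnerable pattern: a fixed heap allocation filled with attacker-controlled
 * href content and no bound check. A proxied page carrying a long
 * javascript: href writes past the 64-byte chunk (heap buffer overflow). */
char *rewrite_href_vulnerable(const char *href, size_t len) {
    char *out = malloc(HREF_BUF);
    if (!out) return NULL;
    strcpy(out, PREFIX);
    memcpy(out + sizeof(PREFIX) - 1, href, len);   /* no check against HREF_BUF */
    out[sizeof(PREFIX) - 1 + len] = '\0';
    return out;
}

/* Hardened pattern: reject hrefs over a policy limit and size the
 * allocation from the actual input length. */
char *rewrite_href_safe(const char *href, size_t len, size_t max_len) {
    if (len > max_len) return NULL;      /* oversize href rejected, service stays up */
    size_t need = sizeof(PREFIX) - 1 + len + 1;
    char *out = malloc(need);
    if (!out) return NULL;
    memcpy(out, PREFIX, sizeof(PREFIX) - 1);
    memcpy(out + sizeof(PREFIX) - 1, href, len);
    out[need - 1] = '\0';
    return out;
}

int main(void) {
    /* Constructed proxied-page fragments for the demonstration. */
    const char *benign = "<a href=\"javascript:void(0)\">menu</a>";
    char big[600];
    snprintf(big, sizeof big, "<a href=\"javascript:%0500d\">x</a>", 0);

    const char *h; size_t n;
    if (extract_js_href(benign, &h, &n)) {
        char *r = rewrite_href_safe(h, n, 256);
        printf("safe rewrite: %s\n", r);
        free(r);
    }
    if (extract_js_href(big, &h, &n)) {
        char *r = rewrite_href_safe(h, n, 256);
        printf("oversize href rejected: %s\n", r == NULL ? "yes" : "no");
        /* rewrite_href_vulnerable(h, n) here would overflow the heap chunk. */
    }
    return 0;
}
```

The vulnerable function is only ever called with short input in the demonstration; under AddressSanitizer the oversize case faults immediately, which is the crash-to-denial-of-service outcome the advisory names, with code execution depending on what the corrupted chunk neighbours.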
Affected Products
FortiProxy version 2.0.0
FortiProxy versions 1.2.8 and below
FortiProxy 1.1 all versions
FortiProxy 1.0 all versions
Solutions
Please upgrade to FortiProxy version 2.0.1 or above.
Please upgrade to FortiProxy version 1.2.9 or above.