PSIRT Advisory

Potential Policy Bypass in FortiWeb Web Application Firewall

Summary

On May 2, 2012 a policy bypass vulnerability was publicly disclosed against Fortinet's FortiWeb Web Application Firewall. This vulnerability may exist if the unit is not configured to inspect and drop malformed / oversized requests. FortiWeb units have been protected against this vulnerability if the proper configuration is in place (see workaround).

Impact

Policy Bypass

Affected Products

FortiWeb - All Versions Prior to and Including v4.3 Patch 6.

Solutions

Fortinet recommends enabling the "Block Malformed Request" violation under "Protocol Constraints". In current versions of FortiWeb, this setting is found under Web Protection -> Protocol.
Fortinet is working on a more flexible solution for v4.3 Patch 7 which will further address this issue.
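The advisory's point is that a WAF whose protocol parser fails open on malformed or oversized requests never reaches its content policy for those requests. The following toy inspection pipeline is an added illustration of that failure mode; it is not FortiWeb code, and the size limits, the sample requests and the `/admin` content rule are all constructed for the example. The only difference between the two runs is the `block_malformed` flag, which plays the role of the "Block Malformed Request" setting the advisory asks you to enable.

```python
"""Toy WAF inspection pipeline (added example, not FortiWeb code).

Shows why malformed/oversized requests must be blocked rather than
forwarded: when the protocol parser rejects a request and the policy
is fail-open, content inspection never runs and the request reaches
the backend uninspected.
"""
from dataclasses import dataclass

# Constructed limits for the example; they are not FortiWeb defaults.
MAX_REQUEST_LINE = 2048
MAX_HEADER_LINE = 1024
MAX_HEADERS = 64


@dataclass
class Decision:
    action: str  # "allow" or "block"
    reason: str


class MalformedRequest(Exception):
    """Raised when a request violates a protocol constraint."""


def parse_request(raw: bytes) -> dict:
    """Parse a raw HTTP/1.x request, enforcing simple protocol constraints."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    request_line = lines[0]
    if len(request_line) > MAX_REQUEST_LINE:
        raise MalformedRequest("request line too long")
    parts = request_line.split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        raise MalformedRequest("bad request line")
    if len(lines) - 1 > MAX_HEADERS:
        raise MalformedRequest("too many headers")
    headers = {}
    for line in lines[1:]:
        if len(line) > MAX_HEADER_LINE:
            raise MalformedRequest("header line too long")
        name, sep, value = line.partition(b":")
        if not sep or not name.strip():
            raise MalformedRequest("bad header line")
        headers[name.strip().lower()] = value.strip()
    return {"method": parts[0], "uri": parts[1], "headers": headers, "body": body}


def content_policy(req: dict) -> Decision:
    """Constructed content rule standing in for the WAF's real policy set."""
    if b"/admin" in req["uri"]:
        return Decision("block", "admin path not allowed from this zone")
    return Decision("allow", "content policy passed")


def inspect(raw: bytes, block_malformed: bool) -> Decision:
    """Run protocol constraints first, then content policy.

    block_malformed=False models the fail-open configuration the advisory
    warns about: a request the parser cannot handle is forwarded as-is.
    """
    try:
        req = parse_request(raw)
    except MalformedRequest as exc:
        if block_malformed:
            return Decision("block", f"malformed request: {exc}")
        return Decision("allow", f"malformed request forwarded uninspected: {exc}")
    return content_policy(req)


# Constructed sample requests.
GOOD = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
BAD_PATH = b"GET /admin HTTP/1.1\r\nHost: example.test\r\n\r\n"
# Same forbidden path, but the request line exceeds MAX_REQUEST_LINE.
OVERSIZED = b"GET /admin?" + b"a" * 3000 + b" HTTP/1.1\r\nHost: example.test\r\n\r\n"


def demo() -> dict:
    """Compare the two configurations on each sample; returns the actions."""
    return {
        name: (inspect(raw, False).action, inspect(raw, True).action)
        for name, raw in (("good", GOOD), ("bad_path", BAD_PATH), ("oversized", OVERSIZED))
    }


if __name__ == "__main__":
    for name, (fail_open, strict) in demo().items():
        print(f"{name:10s} fail-open={fail_open:6s} block-malformed={strict}")
```

The "oversized" row is the interesting one: with the flag off, the request line is too long for the parser, the content rule never runs, and the request is allowed; with the flag on, it is blocked at the protocol stage. This is the same decision a FortiWeb administrator makes by enabling the "Block Malformed Request" violation, and a useful check after changing the setting is to confirm in the unit's logs that oversized requests now produce a protocol-constraint block event rather than passing silently.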

References