PSIRT Advisory

Uninitialized memory buffer leak in FortiOS explicit web proxy

Summary

An uninitialized memory buffer leak exists in FortiOS web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.

Impact

Information Disclosure

Affected Products

FortiOS 5.6.1 -> 5.6.3
FortiOS 5.4.6 -> 5.4.7
FortiOS 5.2.12 and newer versions.

Solutions

Upgrade to FortiOS 5.4.8, 5.6.4, 6.0.0 or a newer version.

Acknowledgement

Fortinet is pleased to thank "usd AG" for reporting this vulnerability under responsible disclosure.