FortiProxy - system file leak through SSL VPN special crafted HTTP resource requests
Summary
A path traversal vulnerability in the FortiProxy SSL VPN web portal may allow a non-authenticated, remote attacker to download FortiProxy system files through specially crafted HTTP resource requests.
Affected Products
FortiProxy versions 2.0.0FortiProxy versions 1.2.8 and below.
FortiProxy versions 1.1.6 and below.
FortiProxy versions 1.0.7 and below.
Solutions
Please upgrade to FortiProxy versions 1.2.9 or above. Please upgrade to FortiProxy versions 2.0.1 or above.