Uninitialized memory buffer leak in FortiOS explicit web proxy
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-18-325
Final
1
1
2018-11-22T00:00:00
Current version
2018-11-22T00:00:00
2018-11-22T00:00:00
An uninitialized memory buffer leak exists in FortiOS web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.
Information Disclosure
FortiOS 5.6.1 -> 5.6.3FortiOS 5.4.6 -> 5.4.7FortiOS 5.2.12 and newer versions.
Upgrade to FortiOS 5.4.8, 5.6.4 and 6.0.0 or newer versions.
Fortinet is pleased to thank "usd AG" for reporting this vulnerability under responsible disclosure.
FortiOS 6.0.17
FortiOS 6.0.16
FortiOS 6.0.15
FortiOS 6.0.14
FortiOS 6.0.13
FortiOS 6.0.12
FortiOS 6.0.11
FortiOS 6.0.10
FortiOS 6.0.9
FortiOS 6.0.8
FortiOS 6.0.7
FortiOS 6.0.6
FortiOS 6.0.5
FortiOS 5.6.3
FortiOS 5.6.2
FortiOS 5.6.1
FortiOS 5.4.7
FortiOS 5.4.6
FortiOS 5.2.15
FortiOS 5.2.14
FortiOS 5.2.13
FortiOS 5.2.12
Uninitialized memory buffer leak in FortiOS explicit web proxy
CVE-2018-13376
FortiOS-6.0.17
FortiOS-6.0.16
FortiOS-6.0.15
FortiOS-6.0.14
FortiOS-6.0.13
FortiOS-6.0.12
FortiOS-6.0.11
FortiOS-6.0.10
FortiOS-6.0.9
FortiOS-6.0.8
FortiOS-6.0.7
FortiOS-6.0.6
FortiOS-6.0.5
FortiOS-5.6.3
FortiOS-5.6.2
FortiOS-5.6.1
FortiOS-5.4.7
FortiOS-5.4.6
FortiOS-5.2.15
FortiOS-5.2.14
FortiOS-5.2.13
FortiOS-5.2.12
5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-18-325
Uninitialized memory buffer leak in FortiOS explicit web proxy
Reference>