FortiOS HTTPD is vulnerable to a Stack-based Buffer Overflow vulnerability
A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution.
Crash of the HTTPD service.
FortiOS versions 6.0.10 and below. FortiOS versions 6.2.2 and below.
Please upgrade to FortiGate version 6.0.11 or above. Please upgrade to FortiGate version 6.2.3 or above. Please upgrade to FortiGate version 6.4.0 or above.
Fortinet is pleased to thank Cody Sixteen ( https://code610.blogspot.com/) for reporting this issue under responsible disclosure.