FortiProxy - HTTPD is vulnerable to a Stack-based Buffer Overflow vulnerability

FortiProxy - HTTPD is vulnerable to a Stack-based Buffer Overflow vulnerability

Summary

A stack-based buffer overflow vulnerability in the HTTPD daemon of FortiProxy may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server.

Impact

Crash of the HTTPD service.

Affected Products

FortiProxy versions 2.0.1 and below. FortiProxy versions 1.2.9 and below. FortiProxy versions 1.1.x. FortiProxy versions 1.0.x.

Solutions

Please upgrade to Fortiproxy version 1.2.10 or above. Please upgrade to Fortiproxy version 2.0.2 or above.

Acknowledgement

Fortinet is pleased to thank Cody Sixteen ( https://code610.blogspot.com/) for reporting this issue under responsible disclosure.