PSIRT Advisories

FortiPortal - Denial of service vulnerabilities

Summary

Multiple uncontrolled resource consumption vulnerabilities [CWE-400] in the web interface of FortiPortal may allow a single low-privileged user to induce a denial of service via multiple HTTP requests.

Affected Products

FortiPortal 6.0.5 and below.
FortiPortal 5.3.6 and below.
FortiPortal 5.2.5 and below.
FortiPortal 5.1.2 and below.
FortiPortal 5.0.3 and below.
FortiPortal 4.2.4 and below.
FortiPortal 4.1.2 and below.
FortiPortal 4.0.4 and below.

Solutions

Upgrade to FortiPortal 6.0.6. or above.

Upgrade to FortiPortal 5.3.7 or above.

Acknowledgement

Discovered and reported by Giuseppe Cocomazzi of Fortinet Product Security team.