FortiWeb - Open redirect due to missing domain whitelisting

Summary

A URL redirection to untrusted site ('Open Redirect') [CWE-601] in FortiWeb may allow an authenticated attacker to use the device as proxy to reach any protected host via crafted HTTP requests.

Affected Products

FortiWeb version 6.0.0 through 6.0.7
FortiWeb version 6.1.0 through 6.1.2
FortiWeb version 6.2.0 through 6.2.7
FortiWeb version 6.3.0 through 6.3.15
FortiWeb version 6.4.0 through 6.4.1

 

Solutions

Upgrade to FortiWeb version 7.0.0 and above
Upgrade to FortiWeb version 6.4.2 and above
Upgrade to FortiWeb version 6.3.16 and above

Acknowledgement

Internally discovered and reported by Mattia Fecit of Fortinet Product Security team.