Uncontrolled resource consumption
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-21-039
Final
1
1
2021-11-02T00:00:00
Current version
2021-11-02T00:00:00
2021-11-02T00:00:00
An uncontrolled resource consumption vulnerability [CWE-400] in FortiWeb may allow an unauthenticated attacker to cause a denial of service via crafted HTTP requests to proxy services.
Denial of service
FortiWeb version 6.4.0FortiWeb version 6.3.15 and belowFortiWeb version 6.2.5 and below
Upgrade to FortiWeb version 6.4.1 or aboveUpgrade to FortiWeb version 6.3.16 or aboveUpgrade to FortiWeb version 6.2.6 or above
Internally discovered and reported by Mattia Fecit of Fortinet PSIRT team.
Uncontrolled resource consumption
CVE-2021-36187
5.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C
https://fortiguard.fortinet.com/psirt/FG-IR-21-039
Uncontrolled resource consumption
Reference>