Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2005-3058
Last Modified 11 Oct 2011 12:00:00
Published 31 Dec 2005 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3058

Summary

Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via (1) an HTTP request terminated with a line feed (LF) and not carriage return line feed (CRLF) or (2) an HTTP request with no Host field, which is still processed by most web servers without violating RFC 2616.

Vulnerable Systems

Operating System

  • Fortinet FortiOS 2.8 MR10

  • Fortinet FortiOS 3 Beta


References

XF - fortinet-web-filter-bypass(24626)

VUPEN - ADV-2006-0539

BID - 16599

BUGTRAQ - 20060213 URL filter bypass in Fortinet

MISC - http://www.fortiguard.com/advisory/FGA-2006-10.html

SECUNIA - 18844


Last Updated: 27 May 2016 10:40:47