CVE-2005-3058
published 2005-12-31CVE-2005-3058: Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via an (1) HTTP…
PriorityP338high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
3.10%
86.1th percentile
Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via an (1) HTTP request terminated with a line feed (LF) and not carriage return line feed (CRLF) or (2) HTTP request with no Host field, which is still processed by most web servers without violating RFC2616.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortigate | — | — |
| fortinet | fortigate-1000 | — | — |
| fortinet | fortios | <= 2.8_mr10 | — |
| fortinet | fortios | <= 3_beta | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6r3f-jrxp-9vvc: Fortinet FortiGuard Fortinet FortiGate-1000 3
ghsa_unreviewed·2022-05-14·CVSS 7.5
CVE-2008-7161 [HIGH] GHSA-6r3f-jrxp-9vvc: Fortinet FortiGuard Fortinet FortiGate-1000 3
Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 allows remote attackers to bypass URL filtering via fragmented GET or POST requests that use HTTP/1.0 without the Host header. NOTE: this issue might be related to CVE-2005-3058.
GHSA
GHSA-h9mr-6gjh-qmfh: Interpretation conflict in Fortinet FortiGate 2
ghsa_unreviewed·2022-05-01
CVE-2005-3058 [HIGH] GHSA-h9mr-6gjh-qmfh: Interpretation conflict in Fortinet FortiGate 2
Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via an (1) HTTP request terminated with a line feed (LF) and not carriage return line feed (CRLF) or (2) HTTP request with no Host field, which is still processed by most web servers without violating RFC2616.
No detection rules found.
No writeups or analysis indexed.
http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042140.htmlhttp://secunia.com/advisories/18844http://www.fortiguard.com/advisory/FGA-2006-10.htmlhttp://www.securityfocus.com/archive/1/424858/100/0/threadedhttp://www.securityfocus.com/bid/16599http://www.vupen.com/english/advisories/2006/0539https://exchange.xforce.ibmcloud.com/vulnerabilities/24626http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042140.htmlhttp://secunia.com/advisories/18844http://www.fortiguard.com/advisory/FGA-2006-10.htmlhttp://www.securityfocus.com/archive/1/424858/100/0/threadedhttp://www.securityfocus.com/bid/16599http://www.vupen.com/english/advisories/2006/0539https://exchange.xforce.ibmcloud.com/vulnerabilities/24626
2005-12-31
Published