Home

Description

A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains.

PUBLISHED Reserved 2018-07-06 | Published 2019-06-04 | Updated 2024-10-25 | Assigner fortinet

Problem types

Improper Access Control

Product status

FortiOS all versions below 6.0.5
affected

References

fortiguard.com/advisory/FG-IR-19-002

fortiguard.com/advisory/FG-IR-19-002

cve.org (CVE-2018-13384)

nvd.nist.gov (CVE-2018-13384)