Potential Policy Bypass in FortiWeb Web Application Firewall

ID FG-IR-012-002
Type fortinet
Reporter FortiGuard Labs
Modified 2012-05-04T00:00:00


On May 2, 2012, a policy bypass vulnerability was publicly disclosed against Fortinet's FortiWeb Web Application Firewall. The vulnerability may exist if the unit is not configured to inspect and drop malformed or oversized requests. FortiWeb units are protected against this vulnerability if the proper configuration is in place (see workaround).