Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
fortinetFortiGuard LabsFG-IR-21-123
HistoryDec 07, 2021 - 12:00 a.m.

FortiWeb - Confused deputy issue on SERVER_NAME causes open proxy flaw

2021-12-0700:00:00
FortiGuard Labs
www.fortiguard.com
11
fortiweb
confused deputy
cwe-441
open proxy
http requests

EPSS

0.001

Percentile

38.1%

JSON

An unintended proxy or intermediary (‘Confused Deputy’) [CWE-441] in FortiWeb may allow an authenticated attacker to use the device as proxy to reach any protected host via crafted HTTP requests.

Related

cvelist 1
cnvd 1
prion 1
cve 1
nvd 1
cvelist
cvelist
CVE-2021-36190
2021-12-08 13:11:05
cnvd
cnvd
Fortinet FortiWeb has an unspecified vulnerability (CNVD-2021-101135)
2021-12-14 00:00:00
prion
prion
Code injection
2021-12-08 14:15:00
cve
cve
CVE-2021-36190
2021-12-08 14:15:09
nvd
nvd
CVE-2021-36190
2021-12-08 14:15:09

EPSS

0.001

Percentile

38.1%

JSON
Related for FG-IR-21-123
cvelist1cnvd1prion1cve1nvd1