A server-generated error message containing sensitive information vulnerability [CWE-550] in the FortiOS and FortiProxy web proxy may allow a malicious web server to retrieve a web proxy client’s username and IP via same-origin HTTP requests that trigger proxy-generated HTTP status code pages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | fortiproxy | eq | 7.0.1 |
| | fortiproxy | eq | 7.0.0 |
| | fortiproxy | eq | 2.0.13 |
| | fortiproxy | eq | 2.0.12 |
| | fortiproxy | eq | 2.0.11 |
| | fortiproxy | eq | 2.0.10 |
| | fortiproxy | eq | 2.0.9 |
| | fortiproxy | eq | 2.0.8 |
| | fortiproxy | eq | 2.0.7 |
| | fortiproxy | eq | 2.0.6 |