A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 up to and including 7.0.3, 6.4.0 up to and including 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 up to and including 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortios |
||
fortinet fortiproxy |