CVE-2005-3058

Fortinet FortiGate 2.8 - Auth Bypass

Title source: llm

Description

Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via an (1) HTTP request terminated with a line feed (LF) and not carriage return line feed (CRLF) or (2) HTTP request with no Host field, which is still processed by most web servers without violating RFC2616.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mathieu Dessus · perlremotehardware

https://www.exploit-db.com/exploits/27203

View Code ZIP pw:eip

References (7)

[Mailing List] http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042140.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/424858/100/0/threaded

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/24626

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/16599

[Vendor Advisory] http://secunia.com/advisories/18844

[Vendor Advisory] http://www.fortiguard.com/advisory/FGA-2006-10.html

[Vendor Advisory] http://www.vupen.com/english/advisories/2006/0539

Scores

EPSS 0.0265

EPSS Percentile 85.8%

Details

CWE

CWE-264

Status published

Products (2)

fortinet/fortigate 2.8

fortinet/fortios < 2.8_mr10

Published Dec 31, 2005

Tracked Since Feb 18, 2026