CVE-2005-3058

Fortinet FortiGate 2.8 - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3058. PoCs published by Mathieu Dessus.

AI-analyzed exploit summary This exploit demonstrates a URL filtering bypass vulnerability in Fortinet FortiGate devices by sending crafted HTTP requests. It tests various HTTP request formats to evade detection by the FortiGate URL filter.

Description

Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via an (1) HTTP request terminated with a line feed (LF) and not carriage return line feed (CRLF) or (2) HTTP request with no Host field, which is still processed by most web servers without violating RFC2616.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mathieu Dessus · perlremotehardware

https://www.exploit-db.com/exploits/27203

View Code ZIP pw:eip

This exploit demonstrates a URL filtering bypass vulnerability in Fortinet FortiGate devices by sending crafted HTTP requests. It tests various HTTP request formats to evade detection by the FortiGate URL filter.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Fortinet FortiGate FortiOS v2.8MR10 and v3beta

No auth needed

Prerequisites: Network access to the FortiGate device · FortiGate device with URL filtering enabled

MITRE ATT&CK