var-201906-0819
Vulnerability from variot
A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains. Fortinet FortiOS Contains an open redirect vulnerability.Information may be obtained and information may be altered. Fortinet FortiOS is prone to a host header-injection vulnerability because it fails to properly validate an HTTP request header. A successful attack may allow attackers to insert a crafted host header to navigate the victim to the attacker's domain. Versions prior to FortiOS 6.0.5 are vulnerable. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. Attackers can exploit this vulnerability by sending specially crafted HTTP requests to redirect users to their specified websites
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0819", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortios", scope: "lt", trust: 1.8, vendor: "fortinet", version: "6.0.5", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "6.0.4", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "6.0.3", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "6.0.2", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "6.0.1", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "6.0", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.6.8", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.6.7", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.6.6", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.6.5", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.6.4", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.6.3", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.6.2", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.6", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.4.10", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.4.9", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.4.8", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.4.7", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.4.6", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.4.5", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.4.4", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.4.3", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.4.2", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.4.1", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.2.12", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.2.11", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.2.8", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.2.6", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.2.5", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.2.4", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.2.3", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.2.2", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.2.1", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.0.13", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.0.9", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.0.8", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.0.7", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.0.3", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.0.2", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.0.1", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "4.7.7", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "4.3.19", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "4.3.17", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "4.3.15", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "4.3.10", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "4.3.9", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "4.3.8", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "4.3", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "4.2.13", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "4.2.12", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "4.1.11", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "4.1.10", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "3.0", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "2.80", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "2.50", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "2.36", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.6.1", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.4.0", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.4", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.2.9", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.2.10", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.2.0", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.2", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.0.6", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.0.5", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.0.4", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.0.12", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.0.11", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.0.0", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.0", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "4.3.18", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "4.3.16", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "4.3.14", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "4.3.13", }, { model: "fortios", scope: "eq", trust: 0.3, vendor: "fortinet", version: "4.3.12", }, { model: "fortios", scope: "ne", trust: 0.3, vendor: "fortinet", version: "6.2", }, { model: "fortios", scope: "ne", trust: 0.3, vendor: "fortinet", version: "6.0.5", }, ], sources: [ { db: "BID", id: "108454", }, { db: "JVNDB", id: "JVNDB-2018-015562", }, { db: "NVD", id: "CVE-2018-13384", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:fortinet:fortios", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-015562", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Julio Sanchez.", sources: [ { db: "BID", id: "108454", }, ], trust: 0.3, }, cve: "CVE-2018-13384", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "CVE-2018-13384", impactScore: 4.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.8, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "VHN-123438", impactScore: 4.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:P/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, id: "CVE-2018-13384", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1.8, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-13384", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "CVE-2018-13384", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-201905-879", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-123438", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-123438", }, { db: "JVNDB", id: "JVNDB-2018-015562", }, { db: "CNNVD", id: "CNNVD-201905-879", }, { db: "NVD", id: "CVE-2018-13384", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains. Fortinet FortiOS Contains an open redirect vulnerability.Information may be obtained and information may be altered. Fortinet FortiOS is prone to a host header-injection vulnerability because it fails to properly validate an HTTP request header. \nA successful attack may allow attackers to insert a crafted host header to navigate the victim to the attacker's domain. \nVersions prior to FortiOS 6.0.5 are vulnerable. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. Attackers can exploit this vulnerability by sending specially crafted HTTP requests to redirect users to their specified websites", sources: [ { db: "NVD", id: "CVE-2018-13384", }, { db: "JVNDB", id: "JVNDB-2018-015562", }, { db: "BID", id: "108454", }, { db: "VULHUB", id: "VHN-123438", }, ], trust: 1.98, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-13384", trust: 2.8, }, { db: "JVNDB", id: "JVNDB-2018-015562", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201905-879", trust: 0.7, }, { db: "AUSCERT", id: "ESB-2019.1823", trust: 0.6, }, { db: "BID", id: "108454", trust: 0.3, }, { db: "VULHUB", id: "VHN-123438", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-123438", }, { db: "BID", id: "108454", }, { db: "JVNDB", id: "JVNDB-2018-015562", }, { db: "CNNVD", id: "CNNVD-201905-879", }, { db: "NVD", id: "CVE-2018-13384", }, ], }, id: "VAR-201906-0819", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-123438", }, ], trust: 0.01, }, last_update_date: "2024-11-23T21:52:10.137000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "FG-IR-19-002", trust: 0.8, url: "https://fortiguard.com/advisory/FG-IR-19-002", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-015562", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-601", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-123438", }, { db: "JVNDB", id: "JVNDB-2018-015562", }, { db: "NVD", id: "CVE-2018-13384", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://fortiguard.com/advisory/fg-ir-19-002", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2018-13384", }, { trust: 0.9, url: "https://fortiguard.com/psirt/fg-ir-19-002", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13384", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/fortinet-fortios-open-redirect-via-the-vpn-portal-29386", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2019.1823/", }, { trust: 0.3, url: "https://www.fortinet.com/", }, ], sources: [ { db: "VULHUB", id: "VHN-123438", }, { db: "BID", id: "108454", }, { db: "JVNDB", id: "JVNDB-2018-015562", }, { db: "CNNVD", id: "CNNVD-201905-879", }, { db: "NVD", id: "CVE-2018-13384", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-123438", }, { db: "BID", id: "108454", }, { db: "JVNDB", id: "JVNDB-2018-015562", }, { db: "CNNVD", id: "CNNVD-201905-879", }, { db: "NVD", id: "CVE-2018-13384", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-06-04T00:00:00", db: "VULHUB", id: "VHN-123438", }, { date: "2018-05-17T00:00:00", db: "BID", id: "108454", }, { date: "2019-06-17T00:00:00", db: "JVNDB", id: "JVNDB-2018-015562", }, { date: "2019-05-22T00:00:00", db: "CNNVD", id: "CNNVD-201905-879", }, { date: "2019-06-04T21:29:00.407000", db: "NVD", id: "CVE-2018-13384", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-06-05T00:00:00", db: "VULHUB", id: "VHN-123438", }, { date: "2018-05-17T00:00:00", db: "BID", id: "108454", }, { date: "2019-06-17T00:00:00", db: "JVNDB", id: "JVNDB-2018-015562", }, { date: "2019-06-06T00:00:00", db: "CNNVD", id: "CNNVD-201905-879", }, { date: "2024-11-21T03:46:59.950000", db: "NVD", id: "CVE-2018-13384", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201905-879", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Fortinet FortiOS Open redirect vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2018-015562", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Input Validation Error", sources: [ { db: "BID", id: "108454", }, { db: "CNNVD", id: "CNNVD-201905-879", }, ], trust: 0.9, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.