Fortinet Community

ericwang_FTNT · 01-27-2022

DescriptionThis article describes a security risk named: "Undefined CVE, HTTP OPTIONS Method Enabled".Web servers that respond to the OPTIONS HTTP method expose what other methods are supported by the web server, allowing attackers to narrow and inte...

ericwang_FTNT · 03-29-2020

DescriptionPCI compliance reports feature an issue called 'HTTP Security Header notdetected', with a sub-section on X-Content-Type-Options HTTP header on FortiOS web administration interface (usually on port 443)."""X-Content-Type-Options: This HTTP ...

ericwang_FTNT · 03-12-2020

DescriptionAn information disclosure vulnerability allows a network adjacent attacker to determine the TCP/IP stack state (including IP address, TCP sequences,etc) of the system via sending spoofed TCP packets to the target when the latter operates u...

ericwang_FTNT · 11-14-2019

DescriptionSome vulnerability scanning tools report that the FortiOS admin webUI login page submits passwords using the GET method; the POST is suggested to be used instead.the related keywords in such reports can be:'Password Transmitted over Query ...

ericwang_FTNT · 11-14-2019

DescriptionSome public scanning tools report FortiOS is vulnerable to ISC BIND DNS vulnerabilities.the vulnerabilities in such reports can be (but not limited to):CVE-2007-0493: dereferencing freed fetch contextCVE-2008-0122: Buffer overflow in inet_...

Fortinet Community

User Statistics

User Activity

PSIRT Note: Undefined CVE, HTTP OPTIONS Method Enabled

PSIRT Note: X-Content-Type-Options HTTP Header missing on port 443

PSIRT Note: CVE-2019-14899 Inferring and hijacking VPN-tunneled TCP connections

PSIRT Note: Vulnerability Scanner false positive: FortiOS admin webUI Password field submitted using the GET method

PSIRT Note: Vulnerability Scanner false positive FortiOS ISC BIND DNS vulnerabilities false alarm

PSIRT Note: Undefined CVE, HTTP OPTIONS Method Ena...

KCS

Fortinet Training Institute