Description: This article describes a security risk named "Undefined CVE,
HTTP OPTIONS Method Enabled". Web servers that respond to the OPTIONS
HTTP method expose what other methods are supported by the web server,
allowing attackers to narrow and inte...

Description: PCI compliance reports feature an issue called 'HTTP Security
Header not detected', with a sub-section on the X-Content-Type-Options HTTP
header on the FortiOS web administration interface (usually on port
443). "X-Content-Type-Options: This HTTP ...

Description: An information disclosure vulnerability allows a
network-adjacent attacker to determine the TCP/IP stack state (including IP
address, TCP sequences, etc.) of the system by sending spoofed TCP
packets to the target when the latter operates u...

Description: Some vulnerability scanning tools report that the FortiOS
admin webUI login page submits passwords using the GET method; the POST
method is suggested to be used instead. The related keywords in such reports can
be: 'Password Transmitted over Query ...

Description: Some public scanning tools report FortiOS is vulnerable to
ISC BIND DNS vulnerabilities. The vulnerabilities in such reports can be
(but are not limited to):
CVE-2007-0493: dereferencing freed fetch context
CVE-2008-0122: Buffer overflow in inet_...