Details of VAR-200909-0034

ID

VAR-200909-0034

CVE

CVE-2008-7161

TITLE

Fortinet FortiGuard Fortinet FortiGate-1000 In URL Vulnerabilities that bypass the filter

Trust: 0.8

sources: JVNDB: JVNDB-2009-003139

DESCRIPTION

Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 allows remote attackers to bypass URL filtering via fragmented GET or POST requests that use HTTP/1.0 without the Host header. NOTE: this issue might be related to CVE-2005-3058. An attacker can exploit this issue to view unauthorized websites, bypassing certain security restrictions. This may lead to other attacks. NOTE: This issue may be related to the vulnerability described in BID 16599 (Fortinet Fortigate URL Filtering Bypass Vulnerability)

Trust: 1.98

sources: NVD: CVE-2008-7161 // JVNDB: JVNDB-2009-003139 // BID: 27276 // VULHUB: VHN-37286

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortigate-1000	scope:	eq	version:	3.00	Trust: 1.9
vendor:	fortinet	model:	fortigate-1000	scope:	eq	version:	3.00 build 040075	Trust: 0.8
vendor:	fortinet	model:	fortigate-1000	scope:	eq	version:	070111	Trust: 0.8

sources: BID: 27276 // JVNDB: JVNDB-2009-003139 // CNNVD: CNNVD-200909-063 // NVD: CVE-2008-7161

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-7161
value:	HIGH
Trust: 1.0
NVD:	CVE-2008-7161
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200909-063
value:	HIGH
Trust: 0.6
VULHUB:	VHN-37286
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2008-7161
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-37286
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-37286 // JVNDB: JVNDB-2009-003139 // CNNVD: CNNVD-200909-063 // NVD: CVE-2008-7161

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-37286 // JVNDB: JVNDB-2009-003139 // NVD: CVE-2008-7161

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200909-063

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-200909-063

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-003139

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-37286

PATCH

title:

Top Page

url:

http://www.fortinet.com/

Trust: 0.8

sources: JVNDB: JVNDB-2009-003139

EXTERNAL IDS

db:	NVD	id:	CVE-2008-7161	Trust: 2.8
db:	BID	id:	27276	Trust: 2.0
db:	JVNDB	id:	JVNDB-2009-003139	Trust: 0.8
db:	CNNVD	id:	CNNVD-200909-063	Trust: 0.7
db:	XF	id:	39684	Trust: 0.6
db:	BUGTRAQ	id:	20080103 FORTIGUARD: URL FILTERING APPLICATION BYPASS VULNERABILITY	Trust: 0.6
db:	BUGTRAQ	id:	20080104 RE: FORTIGUARD: URL FILTERING APPLICATION BYPASS VULNERABILITY	Trust: 0.6
db:	EXPLOIT-DB	id:	31026	Trust: 0.1
db:	VULHUB	id:	VHN-37286	Trust: 0.1

sources: VULHUB: VHN-37286 // BID: 27276 // JVNDB: JVNDB-2009-003139 // CNNVD: CNNVD-200909-063 // NVD: CVE-2008-7161

REFERENCES

url:	http://www.securityfocus.com/bid/27276	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/485794/100/200/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/485813/100/200/threaded	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/39684	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-7161	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-7161	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/39684	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/485813/100/200/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/485794/100/200/threaded	Trust: 0.6
url:	http://www.fortinet.com/	Trust: 0.3
url:	http://lists.immunitysec.com/pipermail/dailydave/2008-january/004814.html	Trust: 0.3

sources: VULHUB: VHN-37286 // BID: 27276 // JVNDB: JVNDB-2009-003139 // CNNVD: CNNVD-200909-063 // NVD: CVE-2008-7161

CREDITS

H. Daniel Regalado Arias is credited with the discovery of this vulnerability.

Trust: 0.3

sources: BID: 27276

SOURCES

db:	VULHUB	id:	VHN-37286
db:	BID	id:	27276
db:	JVNDB	id:	JVNDB-2009-003139
db:	CNNVD	id:	CNNVD-200909-063
db:	NVD	id:	CVE-2008-7161

LAST UPDATE DATE

2025-04-10T23:21:27.439000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-37286	date:	2018-10-11T00:00:00
db:	BID	id:	27276	date:	2015-04-16T18:06:00
db:	JVNDB	id:	JVNDB-2009-003139	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200909-063	date:	2009-09-09T00:00:00
db:	NVD	id:	CVE-2008-7161	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-37286	date:	2009-09-04T00:00:00
db:	BID	id:	27276	date:	2008-01-14T00:00:00
db:	JVNDB	id:	JVNDB-2009-003139	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200909-063	date:	2009-09-04T00:00:00
db:	NVD	id:	CVE-2008-7161	date:	2009-09-04T10:30:01.750