CVE-2005-3058

CVE Database · CVE-2005-3058

CVE-2005-3058

· N/AModified

CVSS v3.1

N/A

EPSS

3.10%

Published

Dec 31, 2005

Modified

Apr 15, 2026

Public PoC / Exploit (1)

All weaponized →

Exploit-DBFortinet Fortigate 2.x/3.0 - URL Filtering Bypass

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via an (1) HTTP request terminated with a line feed (LF) and not carriage return line feed (CRLF) or (2) HTTP request with no Host field, which is still processed by most web servers without violating RFC2616.

Weaknesses (CWE)

CWE-264

Affected Products (3)

fortinet · fortiosvulnerable

fortinet · fortigatevulnerable

References (14)

http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042140.html

http://secunia.com/advisories/18844

Vendor Advisory

http://www.fortiguard.com/advisory/FGA-2006-10.html

http://www.securityfocus.com/archive/1/424858/100/0/threaded

http://www.securityfocus.com/bid/16599