Producent oprogramowania Fortinet opublikował najnowszą aktualizację dla FortiWeb o numerze wersji 7.2.0. Dzięki aktualizacji, został naprawiony problem z dekodowaniem Base64, gdzie problem dotyczył braku znaku dopełnienia ,, =”. Ponadto poprawiono działanie technologii CAPTCHA, gdyż czasami nie działała prawidłowo, również od wersji 7.2.0 nie będzie już problemu z nagłówkami HTTP CSP. Po więcej ciekawych informacji zapraszamy do dalszej części posta.
Aktualnie wspierane modele:
- FortiWeb 100D
- FortiWeb 400C
- FortiWeb 400D
- FortiWeb 400E
- FortiWeb 600D
- FortiWeb 600E
- FortiWeb 1000D
- FortiWeb 1000E
- FortiWeb 2000E
- FortiWeb 3000D/3000DFsx
- FortiWeb 3000E
- FortiWeb 3010E
- FortiWeb 4000D
- FortiWeb 4000E
- FortiWeb 100E
- FortiWeb 1000F
- FortiWeb 2000F
- FortiWeb 3000F
- FortiWeb 4000F
- VMware vSphere Hypervisor ESX/ESXi 4.0/4.1/5.0/5.1/5.5/6.0/6.5/6.7/7.0
- Citrix XenServer 6.2/6.5/7.1
- Open source Xen Project (Hypervisor) 4.9 and higher versions
- Microsoft Hyper-V (version 6.2 or higher, running on Windows 8 or higher, or Windows Server 2012/2016/2019)
- KVM (Linux kernel 2.6, 3.0, or 3.1)
- OpenStack Wallaby
- Docker Engine CE 18.09.1 or higher versions, and the equivalent Docker Engine EE versions; Ubuntu18.04.1 LTS
or higher versions - Nutanix AHV
Rozwiązane problemy:
| Bug ID | Description |
|---|---|
| 0865971 | FSSI related errors occur after switching to Flex VM license. |
| 0865489 | Base64 decoding fails because of missing padding character '=’. |
| 0863863 | Should a dd a search function on the site publish rule in GUI. |
| 0862893 | Support JSON Restful-API on certificate CRL and CA |
| 0859928 | Memory leak occurs in mlapi_daemon on cloud. |
| 0858312 | Error message Refused to get unsafe header „X-FWB-AJAXREPONSE” displays |
| 0850444 | In transparent Inspection mode, the new master device does not work when HA switchover occurs |
| 0849939 | Should add field „eventtime” when sending logs to FortiAnalyzer. |
| 0848896 | The maximum length of the CSP HTTP header should be extended |
| 0842062 | WAD site shows as disconnected and no files being backup even though connection test shows successful. |
| 0840985 | Legitimate users are mistakenly considered as bots due to the current RBE design mechanism |
| 0830883 | URL Rewrite for response packets cannot work when the request body is large and the response is compressed. |
| 0825842 | CAPTCHA challenge cannot work sometimes, which is due to the table size in code |
| 0821873 | Add CLI option client-real-ip-random-port to fix port issue when connecting to pserver |
| 0818909 | More details should be explained in the error message when uploading JSON file fails. |
| 0806491 | Should support single source IP in health check. |
| 0791636 | The reqeusts with 304 response and dropped by Cache should not be added to blocked requests. |
| 0856580 | FortiWeb 7.2.0 is no longer vulnerable to the following CWE-Reference: CWE415. |
Notatki producenta: FortiWeb 7.2.0
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie