Unrated severityNVD Advisory· Published Dec 31, 2005· Updated Apr 16, 2026

CVE-2005-3058

Description

Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via an (1) HTTP request terminated with a line feed (LF) and not carriage return line feed (CRLF) or (2) HTTP request with no Host field, which is still processed by most web servers without violating RFC2616.

Affected products

Fortinet/Fortigate
cpe:2.3:h:fortinet:fortigate:2.8:*:*:*:*:*:*:*
Fortinet/Fortios
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
Range: <=2.8_mr10

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/18844nvdVendor Advisory
www.vupen.com/english/advisories/2006/0539nvdVendor Advisory
lists.grok.org.uk/pipermail/full-disclosure/2006-February/042140.htmlnvd
www.fortiguard.com/advisory/FGA-2006-10.htmlnvd
www.securityfocus.com/archive/1/424858/100/0/threadednvd
www.securityfocus.com/bid/16599nvd
exchange.xforce.ibmcloud.com/vulnerabilities/24626nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000