{"api_version":"1","generated_at":"2026-05-09T12:57:16+00:00","cve":"CVE-2018-13376","urls":{"html":"https://cve.report/CVE-2018-13376","api":"https://cve.report/api/cve/CVE-2018-13376.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-13376","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-13376"},"summary":{"title":"CVE-2018-13376","description":"An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.","state":"PUBLIC","assigner":"psirt@fortinet.com","published_at":"2018-11-27 15:29:00","updated_at":"2019-10-03 00:03:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://fortiguard.com/advisory/FG-IR-18-325","name":"https://fortiguard.com/advisory/FG-IR-18-325","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Uninitialized memory buffer leak in FortiOS explicit web proxy | FortiGuard","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/106036","name":"106036","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Malformed Request","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt","name":"https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-13376","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-13376","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"13376","vulnerable":"1","versionEndIncluding":"5.2.12","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fortinet","cpe5":"fortios","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"13376","vulnerable":"1","versionEndIncluding":"5.4.7","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fortinet","cpe5":"fortios","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"13376","vulnerable":"1","versionEndIncluding":"5.6.3","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fortinet","cpe5":"fortios","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@fortinet.com","ID":"CVE-2018-13376","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Fortinet FortiOS","version":{"version_data":[{"version_value":"FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions"}]}}]},"vendor_name":"Fortinet, Inc."}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Information disclosure"}]}]},"references":{"reference_data":[{"name":"106036","refsource":"BID","url":"http://www.securityfocus.com/bid/106036"},{"name":"https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt","refsource":"MISC","url":"https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt"},{"name":"https://fortiguard.com/advisory/FG-IR-18-325","refsource":"CONFIRM","url":"https://fortiguard.com/advisory/FG-IR-18-325"}]}},"nvd":{"publishedDate":"2018-11-27 15:29:00","lastModifiedDate":"2019-10-03 00:03:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionEndIncluding":"5.2.12","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.6","versionEndIncluding":"5.4.7","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6.1","versionEndIncluding":"5.6.3","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"13376","Ordinal":"130025","Title":"CVE-2018-13376","CVE":"CVE-2018-13376","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"13376","Ordinal":"1","NoteData":"An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"13376","Ordinal":"2","NoteData":"2018-11-27","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"13376","Ordinal":"3","NoteData":"2018-12-17","Type":"Other","Title":"Modified"}]}}}