FortiOS DoS on webUI through 'params' JSON parameter
An authenticated user may pass a specially crafted payload to the 'params' parameter of the JSON web API (URLs with /json) , which can cause the web user interface to be temporarily unresponsive.
Denial of Service (DoS)
FortiOS 5.4.0 to 5.4.5
Versions below 5.4.0 are not affected.
Upgrade to FortiOS 5.4.6 or above.
Fortinet is pleased to thank Cody ( https://code610.blogspot.com ) for reporting this vulnerability under responsible disclosure