
An Uncontrolled Resource Consumption vulnerability, identified as CVE-2019-17657, affects multiple Fortinet products including FortiSwitch (versions below 3.6.11, 6.0.6, and 6.2.2), FortiAnalyzer (below 6.2.3), FortiManager (below 6.2.3), and FortiAP-S/W2 (below 6.2.2). The vulnerability was discovered and disclosed in October 2019 and specifically affects the admin webUI of these products (MITRE CVE).
The vulnerability is classified as an Uncontrolled Resource Consumption issue: the admin webUI can be exhausted by specially crafted HTTP requests/responses that are delivered slowly, in pieces. This technique is commonly known as a Slow HTTP DoS attack, in which the attacker uses the HTTP protocol to keep connections open at minimal cost to themselves while exhausting the target's resources (Debian Tracker).
When successfully exploited, this vulnerability can lead to a Denial of Service (DoS) condition on the admin webUI of the affected Fortinet products. This can prevent legitimate administrators from accessing and managing the devices through their web interface (MITRE CVE).
Fortinet has released security patches to address this vulnerability. Users are advised to upgrade to FortiSwitch version 3.6.11, 6.0.6, or 6.2.2 or later; FortiAnalyzer and FortiManager to version 6.2.3 or later; and FortiAP-S/W2 to version 6.2.2 or later (Fortiguard PSIRT).
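The fixed versions above can be checked against a device inventory. The following Python sketch is an added example, not code from Fortinet or from this database; it assumes the three FortiSwitch values are per-branch fixes (3.6.x, 6.0.x, 6.2.x), and the hostnames, build strings and the helper names `parse_version`, `triage` and `report` are constructed for illustration.

```python
import re

# Fixed versions as listed in this entry. Assumption: the three FortiSwitch
# values are per-branch fixes; other products use a single minimum version.
FIXED = {
    "FortiSwitch": {(3, 6): (3, 6, 11), (6, 0): (6, 0, 6), (6, 2): (6, 2, 2)},
    "FortiAnalyzer": (6, 2, 3),
    "FortiManager": (6, 2, 3),
    "FortiAP-S/W2": (6, 2, 2),
}

def parse_version(text):
    """Turn 'v6.0.5' or '6.2.1-build0202' into a comparable tuple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())

def triage(product, version):
    """Return 'affected', 'fixed' or 'review' for one inventory row."""
    fixed = FIXED.get(product)
    if fixed is None:
        return "review"  # product not named in this entry
    v = parse_version(version)
    if isinstance(fixed, tuple):
        return "affected" if v < fixed else "fixed"
    branch_fix = fixed.get(v[:2])
    if branch_fix is not None:
        return "affected" if v < branch_fix else "fixed"
    # Unlisted branch: decide only when it is outside the listed range.
    if v < min(fixed.values()):
        return "affected"
    if v > max(fixed.values()):
        return "fixed"
    return "review"

# Constructed sample inventory (hostnames and build strings are made up).
INVENTORY = [
    ("sw-core-01", "FortiSwitch", "v3.6.10"),
    ("sw-edge-02", "FortiSwitch", "6.0.6"),
    ("sw-lab-03", "FortiSwitch", "6.2.1-build0202"),
    ("faz-01", "FortiAnalyzer", "6.0.8"),
    ("fmg-01", "FortiManager", "6.2.3"),
    ("ap-07", "FortiAP-S/W2", "6.2.1"),
]

def report(rows=INVENTORY):
    return {host: triage(product, ver) for host, product, ver in rows}
```

Rows returned as `review` are products or FortiSwitch branches this entry does not list and need a manual check against the vendor advisory.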
Source: This report was generated using AI