How severe is CVE-2022-42471?

CVE-2022-42471 has a CVSS v3 score of 5.4 (MEDIUM).

CVE-2022-42471

Name: fortiweb
Author: fortinet

5.4MEDIUM

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb

Published: 1/3/2023Updated: 11/21/2024

Description

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary headers.

AI AnalysisPowered by AI

Affected Products

fortinetfortiweb

6.4.0

fortinetfortiweb

6.4.1

fortinetfortiweb

6.4.2

fortinetfortiweb

7.0.0

fortinetfortiweb

7.0.1

fortinetfortiweb

7.0.2

References

https://fortiguard.com/psirt/FG-IR-22-250
PatchVendor Advisory
https://fortiguard.com/psirt/FG-IR-22-250
PatchVendor Advisory