CVE-2022-42471
5.4MEDIUMAn improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb
Publicado: 1/3/2023Actualizado: 11/21/2024
Descripción
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary headers.
Análisis IAImpulsado por IA
Productos Afectados
fortinetfortiweb
fortinetfortiweb
6.4.0
fortinetfortiweb
6.4.1
fortinetfortiweb
6.4.2
fortinetfortiweb
7.0.0
fortinetfortiweb
7.0.1
fortinetfortiweb
7.0.2
Referencias
- https://fortiguard.com/psirt/FG-IR-22-250PatchVendor Advisory
- https://fortiguard.com/psirt/FG-IR-22-250PatchVendor Advisory