How severe is CVE-2022-42471?

CVE-2022-42471 has a CVSS v3 score of 5.4 (MEDIUM).

CVE-2022-42471

Name: fortiweb
Author: fortinet

5.4MEDIUM

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb

公開日: 1/3/2023更新日: 11/21/2024

説明

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary headers.

AI分析AIによる分析

影響を受ける製品

fortinetfortiweb

6.4.0

fortinetfortiweb

6.4.1

fortinetfortiweb

6.4.2

fortinetfortiweb

7.0.0

fortinetfortiweb

7.0.1

fortinetfortiweb

7.0.2

参照

https://fortiguard.com/psirt/FG-IR-22-250
PatchVendor Advisory
https://fortiguard.com/psirt/FG-IR-22-250
PatchVendor Advisory