How severe is CVE-2022-42471?

CVE-2022-42471 has a CVSS v3 score of 5.4 (MEDIUM).

CVE-2022-42471

Name: fortiweb
Author: fortinet

5.4MEDIUM

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb

Publicado: 1/3/2023Atualizado: 11/21/2024

Descrição

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary headers.

Análise IADesenvolvido por IA

Produtos Afetados

fortinetfortiweb

6.4.0

fortinetfortiweb

6.4.1

fortinetfortiweb

6.4.2

fortinetfortiweb

7.0.0

fortinetfortiweb

7.0.1

fortinetfortiweb

7.0.2

Referências

https://fortiguard.com/psirt/FG-IR-22-250
PatchVendor Advisory
https://fortiguard.com/psirt/FG-IR-22-250
PatchVendor Advisory