CVE-2022-42471
5.4MEDIUMAn improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb
Опубликовано: 1/3/2023Обновлено: 11/21/2024
Описание
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary headers.
ИИ-АнализНа базе ИИ
Затронутые продукты
fortinetfortiweb
fortinetfortiweb
6.4.0
fortinetfortiweb
6.4.1
fortinetfortiweb
6.4.2
fortinetfortiweb
7.0.0
fortinetfortiweb
7.0.1
fortinetfortiweb
7.0.2
Ссылки
- https://fortiguard.com/psirt/FG-IR-22-250PatchVendor Advisory
- https://fortiguard.com/psirt/FG-IR-22-250PatchVendor Advisory