An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary headers.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-22-250 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2023-01-03 09:15
Updated : 2023-01-09 18:31
NVD link : CVE-2022-42471
Mitre link : CVE-2022-42471
JSON object : View
CWE
Products Affected
fortinet
- fortiweb