An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary headers.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-22-250 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 03:53
Type | Values Removed | Values Added |
---|---|---|
Summary | An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary headers. |
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-74 |
10 Jan 2023, 02:31
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:* |
|
CWE | NVD-CWE-Other | |
First Time |
Fortinet fortiweb
Fortinet |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
References | (MISC) https://fortiguard.com/psirt/FG-IR-22-250 - Patch, Vendor Advisory |
03 Jan 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-03 17:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-42471
Mitre link : CVE-2022-42471
CVE.ORG link : CVE-2022-42471
JSON object : View
Products Affected
fortinet
- fortiweb