VYPR
Unrated severity · NVD Advisory · Published Jan 3, 2023 · Updated Oct 22, 2024

CVE-2022-42471

Description

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] in FortiWeb versions 7.0.0 through 7.0.2, 6.4.0 through 6.4.2, and 6.3.6 through 6.3.20 may allow an authenticated remote attacker to inject arbitrary headers.

Affected products

2
  • Fortinet/Fortiweb (2 versions)
    7.0.0-7.0.2, 6.4.0-6.4.2, 6.3.6-6.3.20
    • (no CPE) range: 7.0.0-7.0.2, 6.4.0-6.4.2, 6.3.6-6.3.20
    • (no CPE) range: 7.0.0
