VYPR
Unrated severity · NVD Advisory · Published Feb 16, 2023 · Updated Oct 22, 2024

CVE-2022-42472

Description

Improper neutralization of CRLF sequences in HTTP headers ('HTTP response splitting') in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 may allow an authenticated remote attacker to perform an HTTP request splitting attack, which gives the attacker control of the remaining headers and body of the response.

Affected products

4
  • Fortinet/Fortiproxy (llm-fuzzy), 2 versions
    1.1.0 through 1.1.13, 1.2.0 through 1.2.13, 2.0.0 through 2.0.10, 7.0.0 through 7.0.7, 7.2.0 through 7.2.1 + 1 more
    • (no CPE) range: 1.1.0 through 1.1.13, 1.2.0 through 1.2.13, 2.0.0 through 2.0.10, 7.0.0 through 7.0.7, 7.2.0 through 7.2.1
    • (no CPE) range: 7.2.0
  • Fortinet/Fortios (llm-fuzzy), 2 versions
    6.0.0 through 6.0.16, 6.2.0 through 6.2.12, 6.4.0 through 6.4.11, 7.0.0 through 7.0.8, 7.2.0 through 7.2.2 + 1 more
    • (no CPE) range: 6.0.0 through 6.0.16, 6.2.0 through 6.2.12, 6.4.0 through 6.4.11, 7.0.0 through 7.0.8, 7.2.0 through 7.2.2
    • (no CPE) range: 7.2.0

References

1
