An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attackerĀ to inject arbitrary headers.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-22-250 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: fortinet
Published: 2023-01-03T16:58:16.051Z
Updated:
Reserved: 2022-10-07T14:05:36.300Z
Link: CVE-2022-42471
JSON object: View
NVD Information
Status : Modified
Published: 2023-01-03T17:15:10.533
Modified: 2023-11-07T03:53:21.900
Link: CVE-2022-42471
JSON object: View
Redhat Information
No data.