CVE-2022-42471
MEDIUM
WAF: High
CVSS 5.4
Published: 2023-01-03
CWE-113
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] in FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary headers.
WAF Coverage Analysis
HTTP Response Splitting
High WAF Coverage
OWASP: A03:2021 Injection
921xxx - Protocol Attack
Affected Software
| Vendor | Product | Version |
|---|---|---|
| fortinet | fortiweb | 6.3.6 - 6.3.21 |
| fortinet | fortiweb | 6.4.0 |
| fortinet | fortiweb | 6.4.1 |
| fortinet | fortiweb | 6.4.2 |
| fortinet | fortiweb | 7.0.0 |
| fortinet | fortiweb | 7.0.1 |
| fortinet | fortiweb | 7.0.2 |
References
- fortiguard.com (Patch, Vendor Advisory)