CVE-2024-54021
MEDIUM WAF: High
CVSS 5.8
Published: 2025-01-14
CWE-113
An Improper Neutralization of CRLF Sequences in HTTP Headers ('http response splitting') vulnerability [CWE-113] in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 may allow a remote unauthenticated attacker to bypass the file filter via crafted HTTP headers.
WAF Coverage Analysis
HTTP Response Splitting
High WAF Coverage
OWASP: A03:2021 Injection
921xxx - Protocol Attack
Affected Software
| Vendor | Product | Version |
|---|---|---|
| fortinet | fortiproxy | 7.2.0 - 7.2.12 |
| fortinet | fortiproxy | 7.4.0 - 7.4.6 |
| fortinet | fortios | 7.2.0 - 7.2.9 |
| fortinet | fortios | 7.4.0 - 7.4.5 |
| fortinet | fortios | 7.6.0 |
References
- fortiguard.fortinet.com (Vendor Advisory)