A improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-22-362 |
History
Tue, 22 Oct 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2023-02-16T18:07:00.188Z
Updated: 2024-10-22T20:49:22.231Z
Reserved: 2022-10-07T14:05:36.301Z
Link: CVE-2022-42472
Vulnrichment
Updated: 2024-08-03T13:10:41.008Z
NVD
Status : Modified
Published: 2023-02-16T19:15:13.583
Modified: 2023-11-07T03:53:22.160
Link: CVE-2022-42472
Redhat
No data.