A improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response.
References
History

Tue, 22 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2023-02-16T18:07:00.188Z

Updated: 2024-10-22T20:49:22.231Z

Reserved: 2022-10-07T14:05:36.301Z

Link: CVE-2022-42472

cve-icon Vulnrichment

Updated: 2024-08-03T13:10:41.008Z

cve-icon NVD

Status : Modified

Published: 2023-02-16T19:15:13.583

Modified: 2023-11-07T03:53:22.160

Link: CVE-2022-42472

cve-icon Redhat

No data.