Security Advisory

CVE-2022-42472

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-02-16 18:07:00

Last updated 2024-10-22 20:49:22

Assigner fortinet

State PUBLISHED

Description

A improper neutralization of crlf sequences in http headers (http response splitting) in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response.

← Browse all CVEs View on cve.org ↗