Lucene search
FortiGuard LabsFG-IR-22-362HistoryFeb 16, 2023 - 12:00 a.m.
Protect
2023-02-1600:00:00
FortiGuard Labs
www.fortiguard.com
39
http response splitting
fortios
fortiproxy
authenticated
remote attacker
inject arbitrary headers
0.001 Low
EPSS
Percentile
32.9%
An improper neutralization of CRLF sequences in HTTP headers (‘HTTP Response Splitting’) vulnerability [CWE-113] in FortiOS and FortiProxy may allow an authenticated and remote attacker to inject arbitrary headers.
| CPE | Name | Operator | Version |
|---|---|---|---|
| fortiproxy | eq | 7.2.1 | |
| fortiproxy | eq | 7.2.0 | |
| fortiproxy | eq | 7.0.7 | |
| fortiproxy | eq | 7.0.6 | |
| fortiproxy | eq | 7.0.5 | |
| fortiproxy | eq | 7.0.4 | |
| fortiproxy | eq | 7.0.3 | |
| fortiproxy | eq | 7.0.2 | |
| fortiproxy | eq | 7.0.1 | |
| fortiproxy | eq | 7.0.0 |
Related
prion
prion
Crlf injection
2023-02-16 19:15:00
cve
cve
CVE-2022-42472
2023-02-16 19:15:13
nvd
nvd
CVE-2022-42472
2023-02-16 19:15:13
nessus
nessus
Fortinet Fortigate - header injection in proxy login page (FG-IR-22-362)
2023-04-17 00:00:00
cvelist
cvelist
CVE-2022-42472
2023-02-16 18:07:00