An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 up to and including 7.0.2, FortiWeb version 6.4.0 up to and including 6.4.2, FortiWeb version 6.3.6 up to and including 6.3.20 may allow an authenticated and remote malicious user to inject arbitrary headers.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortiweb 6.4.0 |
||
fortinet fortiweb 6.4.1 |
||
fortinet fortiweb 6.4.2 |
||
fortinet fortiweb 7.0.0 |
||
fortinet fortiweb 7.0.1 |
||
fortinet fortiweb 7.0.2 |
||
fortinet fortiweb |