An improper neutralization of CRLF sequences in HTTP headers ('HTTP response splitting') vulnerability in Fortinet FortiOS versions 7.2.0 up to and including 7.2.2, 7.0.0 up to and including 7.0.8, 6.4.0 up to and including 6.4.11, 6.2.0 up to and including 6.2.12, 6.0.0 up to and including 6.0.16, and FortiProxy versions 7.2.0 up to and including 7.2.1, 7.0.0 up to and including 7.0.7, 2.0.0 up to and including 2.0.10, 1.2.0 up to and including 1.2.13, 1.1.0 up to and including 1.1.6 may allow an authenticated and remote malicious user to perform an HTTP request splitting attack, which gives attackers control of the remaining headers and body of the response.

Vulnerable Product |
---|
fortinet fortiproxy |
fortinet fortiproxy 7.2.0 |
fortinet fortiproxy 7.2.1 |
fortinet fortios 7.2.0 |
fortinet fortios |
fortinet fortios 7.2.1 |
fortinet fortios 7.2.2 |