CVE-2022-42471

Medium

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0…

fortinet·CWE-113·Published 2023-01-03

CVSS

5.4

EPSS

0.00

KEV

Exploits

cve.orgen

305 chars

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary headers.

NVDen

305 chars

NVDes

312 chars

Una vulnerabilidad de neutralización incorrecta de secuencias CRLF en encabezados HTTP ('División de respuesta HTTP') [CWE-113] en FortiWeb versión 7.0.0 a 7.0.2, FortiWeb versión 6.4.0 a 6.4.2, FortiWeb versión 6.3.6 a 6.3 .20 puede permitir que un atacante remoto y autenticado inyecte encabezados arbitrarios.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
3.1	Primary	cve.org	5.3	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:F/RL:U/RC:C