CVE-2024-54021

Medium

An Improper Neutralization of CRLF Sequences in HTTP Headers ('http response splitting') vulnerability [CWE-113] in Fortinet FortiOS 7.2.0…

fortinet·CWE-113·Published 2025-01-14

CVSS

5.8

EPSS

0.01

KEV

Exploits

cve.orgen

280 chars

An Improper Neutralization of CRLF Sequences in HTTP Headers ('http response splitting') vulnerability [CWE-113] in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 may allow a remote unauthenticated attacker to bypass the file filter via crafted HTTP headers.

NVDen

280 chars

NVDes

272 chars

Una neutralización incorrecta de las secuencias crlf en los encabezados http ("división de respuesta http") en Fortinet FortiOS 7.2.0 a 7.6.0, FortiProxy 7.2.0 a 7.4.5 permite a un atacante ejecutar código o comandos no autorizados a través del encabezado HTTP manipulado.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	6.4	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:F/RL:X/RC:C
3.1	Primary	cve.org	6.4	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:F/RL:X/RC:C
3.1	Primary	NVD	5.8	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
3.1	Secondary	NVD	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L