CVE-2022-42471

Summary

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary headers.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiWeb7.0.0 <= 7.0.2affected
FortinetFortiWeb6.4.0 <= 6.4.2affected
FortinetFortiWeb6.3.6 <= 6.3.21affected

Weaknesses

  • CWE-113: Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References