FortiWeb - header injection in FortiWeb API
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] in the FortiWeb API may allow an authenticated remote attacker to inject arbitrary headers.
Affected Products
FortiWeb version 7.0.0 through 7.0.2
FortiWeb version 6.4.0 through 6.4.2
FortiWeb version 6.3.6 through 6.3.20
Solutions
Please upgrade to FortiWeb version 7.2.0 or above
Please upgrade to FortiWeb version 7.0.3 or above
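
A triage check for the version ranges listed above, as an added example (not Fortinet code): it classifies a reported FortiWeb version as affected, at or above a listed fix, or not covered by this advisory. The function names, status labels and sample inventory are constructed for illustration.

```python
import re

# Affected ranges exactly as listed in the advisory (inclusive on both ends).
AFFECTED = [
    ((7, 0, 0), (7, 0, 2)),
    ((6, 4, 0), (6, 4, 2)),
    ((6, 3, 6), (6, 3, 20)),
]
# Fixed releases named under "Solutions".
FIXED = [(7, 0, 3), (7, 2, 0)]


def parse_version(text):
    """Extract (major, minor, patch) from strings like 'FortiWeb 6.3.20'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(p) for p in m.groups())


def triage(version_text):
    """Return (status, upgrade_targets) for one reported version string."""
    v = parse_version(version_text)
    for low, high in AFFECTED:
        if low <= v <= high:
            # Offer only the fixed releases newer than the running version.
            targets = [".".join(map(str, f)) for f in FIXED if f > v]
            return "affected", targets
    if v >= min(FIXED):
        # Literal reading of "7.0.3 or above" / "7.2.0 or above".
        return "fixed", []
    # The advisory says nothing about this version (for example 6.4.3 or
    # 6.3.5): report that, rather than calling it safe.
    return "not-listed", []


if __name__ == "__main__":
    # Constructed inventory: (hostname, reported version) pairs.
    inventory = [
        ("waf-edge-01", "FortiWeb 6.3.20"),
        ("waf-edge-02", "FortiWeb 7.0.3"),
        ("waf-lab-01", "FortiWeb 6.4.3"),
        ("waf-dc-01", "FortiWeb 7.0.1"),
    ]
    for host, reported in inventory:
        status, targets = triage(reported)
        print(f"{host:12} {reported:16} {status:10} {', '.join(targets)}")
```

Versions reported as "not-listed" still need checking against Fortinet's current guidance, since the advisory names fixes only in the 7.0 and 7.2 lines.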