| IR Number | FG-IR-22-250 |
| Date | Jan 3, 2023 |
| Severity |
Medium |
| CVSSv3 Score | 5.3 |
| Impact | Execute unauthorized code or commands |
| Affected Products |
FortiWeb
:
7.0.2, 7.0.1, 7.0.0, 6.4.2, 6.4.1, 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.22, 6.3.21, 6.3.20, 6.3.19, 6.3.18, 6.3.17, 6.3.16, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiWeb - header injection in FortiWeb API
Summary
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb API may allow an authenticated and remote attacker to inject arbitrary headers.
Affected Products
FortiWeb version 7.0.0 through 7.0.2FortiWeb version 6.4.0 through 6.4.2
FortiWeb version 6.3.6 through 6.3.20
Solutions
Please upgrade to FortiWeb version 7.2.0 or abovePlease upgrade to FortiWeb version 7.0.3 or above