FortiOS & FortiProxy - header injection in proxy login page

Summary

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] in FortiOS and FortiProxy may allow an authenticated and remote attacker to inject arbitrary headers.

Affected Products

FortiProxy version 7.2.0 through 7.2.1
FortiProxy version 7.0.0 through 7.0.7
FortiProxy version 2.0.0 through 2.0.10
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions

FortiOS version 7.2.0 through 7.2.2
FortiOS version 7.0.0 through 7.0.8
FortiOS version 6.4.0 through 6.4.12
FortiOS 6.2 all versions
FortiOS 6.0 all versions

Solutions

Please upgrade to FortiOS version 7.2.3 or above
Please upgrade to FortiOS version 7.0.9 or above
Please upgrade to FortiOS version 6.4.13 or above
Please upgrade to FortiProxy version 7.2.2 or above
Please upgrade to FortiProxy version 7.0.8 or above
Please upgrade to FortiProxy version 2.0.11 or above

Acknowledgement

Internally discovered and reported by Gwendal Guégniaud of Fortinet Product Security team.