CVE-2022-42472: Fortiguard
An improper neutralization of CRLF sequences in HTTP headers (‘HTTP response splitting’) in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, and FortiProxy versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 may allow an authenticated, remote attacker to perform an HTTP request splitting attack, which gives the attacker control of the remaining headers and body of the response.
Related news
An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution.