Accellion.FTA.display.parameter.CRLF.Injection
Description
This indicates an attempt to exploit a CRLF injection vulnerability in Accellion FTA.
The vulnerability is caused by insufficient validation of input in requests submitted to the vulnerable application. A remote authenticated attacker can exploit it by sending a crafted request to the server. Successful exploitation could result in modified HTTP headers, causing the application to perform unintended actions.
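The following added example (not the signature's own logic and not vendor code) shows one way to check request targets for CR or LF characters hidden in parameter values, including double-encoded ones. The parameter name `display` comes from the signature title; the path, the header name in the samples, and the assumption that the parameter arrives in the query string are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

MAX_DECODE_ROUNDS = 3  # assumption: enough to expose double-encoded input


def crlf_depth(raw_value, max_rounds=MAX_DECODE_ROUNDS):
    """Return how many percent-decoding rounds expose CR/LF, or None if clean."""
    value = raw_value
    for depth in range(max_rounds + 1):
        if "\r" in value or "\n" in value:
            return depth
        decoded = unquote(value)
        if decoded == value:  # nothing left to decode
            return None
        value = decoded
    return None


def scan_target(request_target):
    """Map each query parameter carrying CR/LF to the decode depth that reveals it."""
    findings = {}
    for pair in urlsplit(request_target).query.split("&"):
        name, _, raw_value = pair.partition("=")
        depth = crlf_depth(raw_value)
        if depth is not None:
            findings[unquote(name)] = depth
    return findings


# Constructed sample request targets (hypothetical path, not taken from the product).
SAMPLES = [
    "/example/page?display=list",
    "/example/page?display=list%0d%0aX-Constructed:%201",
    "/example/page?display=list%250aX-Constructed:%201&sort=asc",
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(target, "->", scan_target(target) or "clean")
```

A depth of 2 or more means the line break only appears after repeated decoding, which is worth flagging separately when reviewing logs because it suggests an attempt to slip past single-pass filters.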
Affected Products
Accellion FTA devices before FTA_9_12_180
Impact
Security Bypass: Remote attackers can modify HTTP headers, which can lead to other, more malicious attacks.
Recommended Actions
Please contact the vendor at the website below for updates to resolve this issue.
https://www.accellion.com/support
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2021-02-01 | 17.008 | Default_action:pass:drop |
2021-01-27 | 17.006 | |
2021-01-21 | 17.005 | |
2021-01-21 | 17.004 | |