FortiWeb - header injection in FortiWeb API
Summary
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb API may allow an authenticated and remote attacker to inject arbitrary headers.
Version | Affected | Solution |
---|---|---|
FortiWeb 7.2 | Not affected | Not Applicable |
FortiWeb 7.0 | 7.0.0 through 7.0.2 | Upgrade to 7.0.3 or above |
FortiWeb 6.4 | 6.4 all versions | Migrate to a fixed release |
FortiWeb 6.3 | 6.3.6 through 6.3.23 | Migrate to a fixed release |