N/A

A improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

HTTP头部中CRLF序列转义处理不恰当(HTTP响应分割)

Fortinet FortiOS 注入漏洞

Fortinet FortiOS是美国飞塔（Fortinet）公司的一套专用于FortiGate网络安全平台上的安全操作系统。该系统为用户提供防火墙、防病毒、IPSec/SSLVPN、Web内容过滤和反垃圾邮件等多种安全功能。 Fortinet部分产品存在安全漏洞。攻击者利用该漏洞执行 HTTP 请求。以下产品及版本受到影响：Fortinet FortiOS 7.2.0版本至7.2.2版本、7.0.0版本至7.0.8版本、6.4.0版本至6.4.11版本、6.2.0版本至6.2.12版本、6.0.0版本至

N/A

N/A