CVE-2022-42472
First published: Thu Feb 16 2023(Updated: )
A improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiProxy | >=1.1.0<=1.1.6 | |
| Fortinet FortiProxy | >=1.2.0<=1.2.13 | |
| Fortinet FortiProxy | >=2.0.0<=2.0.10 | |
| Fortinet FortiProxy | >=7.0.0<=7.0.7 | |
| Fortinet FortiProxy | =7.2.0 | |
| Fortinet FortiProxy | =7.2.1 | |
| Fortinet FortiOS | >=6.0.1<=6.0.16 | |
| Fortinet FortiOS | >=6.2.0<=6.2.12 | |
| Fortinet FortiOS | >=6.4.0<=6.4.11 | |
| Fortinet FortiOS | >=7.0.0<=7.0.8 | |
| Fortinet FortiOS | =7.2.0 | |
| Fortinet FortiOS | =7.2.1 | |
| Fortinet FortiOS | =7.2.2 |
Remedy
Please upgrade to FortiProxy version 7.2.2 or above Please upgrade to FortiProxy version 7.0.8 or above Please upgrade to FortiProxy version 2.0.11 or above Please upgrade to FortiOS version 7.2.3 or above Please upgrade to FortiOS version 7.0.9 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability CVE-2022-42472?
The vulnerability CVE-2022-42472 is an improper neutralization of CRLF sequences in HTTP headers, also known as HTTP response splitting, in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10.
How severe is the vulnerability CVE-2022-42472?
The vulnerability CVE-2022-42472 has a severity rating of 5.4 (medium).
Which software versions are affected by CVE-2022-42472?
The software versions affected by CVE-2022-42472 are Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, and FortiProxy versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10.
How can I fix the vulnerability CVE-2022-42472?
To fix the vulnerability CVE-2022-42472, it is recommended to update to the latest patched version of Fortinet FortiOS or FortiProxy.
Where can I find more information about CVE-2022-42472?
You can find more information about CVE-2022-42472 on the Fortiguard website at: [https://fortiguard.com/psirt/FG-IR-22-362](https://fortiguard.com/psirt/FG-IR-22-362)
- agent/type
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/remedy
- agent/author
- agent/severity
- agent/weakness
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/fortinet
- canonical/fortinet fortiproxy
- version/fortinet fortiproxy/1.1.0
- version/fortinet fortiproxy/1.1.6
- version/fortinet fortiproxy/1.2.0
- version/fortinet fortiproxy/1.2.13
- version/fortinet fortiproxy/2.0.0
- version/fortinet fortiproxy/2.0.10
- version/fortinet fortiproxy/7.0.0
- version/fortinet fortiproxy/7.0.7
- version/fortinet fortiproxy/7.2.0
- version/fortinet fortiproxy/7.2.1
- canonical/fortinet fortios
- version/fortinet fortios/6.0.1
- version/fortinet fortios/6.0.16
- version/fortinet fortios/6.2.0
- version/fortinet fortios/6.2.12
- version/fortinet fortios/6.4.0
- version/fortinet fortios/6.4.11
- version/fortinet fortios/7.0.0
- version/fortinet fortios/7.0.8
- version/fortinet fortios/7.2.0
- version/fortinet fortios/7.2.1
- version/fortinet fortios/7.2.2