An Improper Neutralization of CRLF Sequences in HTTP Headers ('http response splitting') vulnerability [CWE-113] in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 may allow a remote unauthenticated attacker to bypass the file filter via crafted HTTP headers.
References
Link | Resource |
---|---|
https://fortiguard.fortinet.com/psirt/FG-IR-24-282 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
08 Aug 2025, 16:03
Type | Values Removed | Values Added |
---|---|---|
CWE |
06 Aug 2025, 18:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) An Improper Neutralization of CRLF Sequences in HTTP Headers ('http response splitting') vulnerability [CWE-113] in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 may allow a remote unauthenticated attacker to bypass the file filter via crafted HTTP headers. |
03 Feb 2025, 22:04
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
First Time |
Fortinet fortiproxy
Fortinet Fortinet fortios |
|
References | () https://fortiguard.fortinet.com/psirt/FG-IR-24-282 - Vendor Advisory | |
CPE | cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* |
|
CWE | CWE-436 |
14 Jan 2025, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-01-14 14:15
Updated : 2025-08-08 16:03
NVD link : CVE-2024-54021
Mitre link : CVE-2024-54021
CVE.ORG link : CVE-2024-54021
JSON object : View
Products Affected
fortinet
- fortios
- fortiproxy
CWE
CWE-113
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')