vulnerability

Fortinet FortiAnalyzer: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') (CVE-2021-32598)

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:P/A:N)

Published

Aug 5, 2021

Added

Aug 16, 2021

Modified

Apr 7, 2026

Description

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response.

Solution

fortinet-fortianalyzer-upgrade-7_0_1

References

CVE-2021-32598
https://attackerkb.com/topics/CVE-2021-32598
CWE-444
EUVD-EUVD-2021-19438
https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-19438
https://fortiguard.com/advisory/FG-IR-21-063

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report