vulnerability
Fortinet FortiManager: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') (CVE-2021-32598)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:N/I:P/A:N) | Aug 5, 2021 | Aug 17, 2021 | Feb 5, 2025 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:N/I:P/A:N)
Published
Aug 5, 2021
Added
Aug 17, 2021
Modified
Feb 5, 2025
Description
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response.
Solutions
fortinet-fortimanager-upgrade-5_6_9fortinet-fortimanager-upgrade-6_0_11fortinet-fortimanager-upgrade-6_2_8fortinet-fortimanager-upgrade-6_4_6fortinet-fortimanager-upgrade-7_0_1
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.