vulnerability
Fortinet FortiManager: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') (CVE-2021-32598)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:N/I:P/A:N) | 2021-08-05 | 2021-08-17 | 2025-02-05 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:N/I:P/A:N)
Published
2021-08-05
Added
2021-08-17
Modified
2025-02-05
Description
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response.
Solution(s)
fortinet-fortimanager-upgrade-5_6_9fortinet-fortimanager-upgrade-6_0_11fortinet-fortimanager-upgrade-6_2_8fortinet-fortimanager-upgrade-6_4_6fortinet-fortimanager-upgrade-7_0_1
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.