ID

VAR-202301-0387


CVE

CVE-2022-42471


TITLE

Vulnerability in FortiWeb

Trust: 0.8

sources: JVNDB: JVNDB-2023-001487

DESCRIPTION

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] in FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, and FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary headers. An unspecified vulnerability exists in FortiWeb. Information may be obtained and information may be tampered with.

Trust: 1.8

sources: NVD: CVE-2022-42471 // JVNDB: JVNDB-2023-001487 // VULHUB: VHN-439112 // VULMON: CVE-2022-42471

AFFECTED PRODUCTS

vendor: fortinet, model: fortiweb, scope: gte, version: 6.3.6

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lte, version: 6.3.21

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 7.0.2

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 6.4.1

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 6.4.2

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 7.0.1

Trust: 1.0

vendor: フォーティネット, model: fortiweb, scope: eq, version: 6.3.6 to 6.3.20

Trust: 0.8

vendor: フォーティネット, model: fortiweb, scope: eq, version: 7.0.0 to 7.0.2

Trust: 0.8

vendor: フォーティネット, model: fortiweb, scope: eq, version: 6.4.0 to 6.4.2

Trust: 0.8

vendor: フォーティネット, model: fortiweb, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-001487 // NVD: CVE-2022-42471

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-42471
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2022-42471
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2023-001487
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202301-130
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-42471
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 2.0

OTHER: JVNDB-2023-001487
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-001487 // CNNVD: CNNVD-202301-130 // NVD: CVE-2022-42471 // NVD: CVE-2022-42471

PROBLEMTYPE DATA

problemtype:CWE-113

Trust: 1.0

problemtype:CWE-74

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-001487 // NVD: CVE-2022-42471

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-130

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202301-130

PATCH

title: FG-IR-22-250, url: https://www.fortiguard.com/psirt/FG-IR-22-250

Trust: 0.8

title: Fortinet FortiWeb Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=220846

Trust: 0.6

title: -, url: https://github.com/Live-Hack-CVE/CVE-2022-42471

Trust: 0.1

sources: VULMON: CVE-2022-42471 // JVNDB: JVNDB-2023-001487 // CNNVD: CNNVD-202301-130

EXTERNAL IDS

db: NVD, id: CVE-2022-42471

Trust: 3.4

db: JVNDB, id: JVNDB-2023-001487

Trust: 0.8

db: CNNVD, id: CNNVD-202301-130

Trust: 0.6

db: VULHUB, id: VHN-439112

Trust: 0.1

db: VULMON, id: CVE-2022-42471

Trust: 0.1

sources: VULHUB: VHN-439112 // VULMON: CVE-2022-42471 // JVNDB: JVNDB-2023-001487 // CNNVD: CNNVD-202301-130 // NVD: CVE-2022-42471

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-22-250

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-42471

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-42471/

Trust: 0.6

url:https://github.com/live-hack-cve/cve-2022-42471

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-439112 // VULMON: CVE-2022-42471 // JVNDB: JVNDB-2023-001487 // CNNVD: CNNVD-202301-130 // NVD: CVE-2022-42471

SOURCES

db: VULHUB, id: VHN-439112
db: VULMON, id: CVE-2022-42471
db: JVNDB, id: JVNDB-2023-001487
db: CNNVD, id: CNNVD-202301-130
db: NVD, id: CVE-2022-42471

LAST UPDATE DATE

2024-08-14T15:21:26.437000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-439112, date: 2023-01-10T00:00:00
db: VULMON, id: CVE-2022-42471, date: 2023-01-04T00:00:00
db: JVNDB, id: JVNDB-2023-001487, date: 2023-04-11T08:22:00
db: CNNVD, id: CNNVD-202301-130, date: 2023-01-11T00:00:00
db: NVD, id: CVE-2022-42471, date: 2023-11-07T03:53:21.900

SOURCES RELEASE DATE

db: VULHUB, id: VHN-439112, date: 2023-01-03T00:00:00
db: VULMON, id: CVE-2022-42471, date: 2023-01-03T00:00:00
db: JVNDB, id: JVNDB-2023-001487, date: 2023-04-11T00:00:00
db: CNNVD, id: CNNVD-202301-130, date: 2023-01-03T00:00:00
db: NVD, id: CVE-2022-42471, date: 2023-01-03T17:15:10.533