Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-54021

An Improper Neutralization of CRLF Sequences in HTTP Headers ('http response splitting') vulnerability [CWE-113] in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 may allow a remote unauthenticated attacker to bypass the file filter via crafted HTTP headers.

Published

2025-01-14T14:15:34.287

Last Modified

2025-08-08T16:03:42.983

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-113

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	fortinet	fortiproxy	< 7.2.12	Yes
Application	fortinet	fortiproxy	< 7.4.6	Yes
Operating System	fortinet	fortios	< 7.2.9	Yes
Operating System	fortinet	fortios	< 7.4.5	Yes
Operating System	fortinet	fortios	7.6.0	Yes

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-282 Vendor Advisory ([email protected])