CVE-2014-1956

EUVD-2014-2009
CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
Affected Products (NVD)
VendorProductVersion
fortinetfortiweb
𝑥
≤ 5.0.2
𝑥
= Vulnerable software versions
References
http://www.fortiguard.com/advisory/FG-IR-13-009/
http://www.fortiguard.com/advisory/FG-IR-13-009/