CVE-2024-23692

CVSS v3 9.8 (Critical)
EPSS 95.43 % (99th)

Rejetto HTTP File Server, up to and including version 2.3m, is affected by a template injection vulnerability. It allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.

Weaknesses
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
CWE-94
Improper Control of Generation of Code ('Code Injection')
CNA
VulnCheck
disclosure@vulncheck.com
Published Date
2024-05-31 10:15:09
Updated Date
2024-07-12 11:15:11
Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
Description
Rejetto HTTP File Server contains an improper neutralization of special elements used in a template engine vulnerability. This allows a remote, unauthenticated attacker to execute commands on the affected system by sending a specially crafted HTTP request.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known to be Used in Ransomware Campaigns
Unknown
Notes
The patched Rejetto HTTP File Server (HFS) is version 3: https://github.com/rejetto/hfs?tab=readme-ov-file#installation, https://www.rejetto.com/hfs/
Vendor
Rejetto
Product
HTTP File Server
In CISA Catalog from
2024-07-09
Due Date
2024-07-30

Affected Products


Configuration #1

    Product                                           CPE23                               From  Up To
    Rejetto Http File Server 2.3m and prior versions  cpe:2.3:a:rejetto:http_file_server        <= 2.3m