Description

Rejetto HTTP File Server has a template injection vulnerability. An unauthenticated attacker can execute arbitrary commands on the affected system by sending a specially crafted HTTP request.

Remediation

Upgrade to the latest version of Rejetto HTTP File Server.

References

Rejetto HTTP File Server 2.3m Unauthenticated RCE

Related Vulnerabilities

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-2222)

PrestaShop CVE-2018-13784 Vulnerability (CVE-2018-13784)

MySQL CVE-2016-3495 Vulnerability (CVE-2016-3495)

WebLogic CVE-2020-14841 Vulnerability (CVE-2020-14841)

IBM WebSEAL Improper Certificate Validation Vulnerability (CVE-2019-4150)

Severity

Critical

Classification

CVE-2024-23692 CWE-1336 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution Known Vulnerabilities