Description

Rejetto HTTP File Server has a template injection vulnerability. An unauthenticated attacker can execute arbitrary commands on the affected system by sending a specially crafted HTTP request.

Remediation

Upgrade to the latest version of Rejetto HTTP File Server.

References

Rejetto HTTP File Server 2.3m Unauthenticated RCE

Related Vulnerabilities

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5319)

Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387)

Claroline Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-3260)

Apache Traffic Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2019-17565)

PHP Integer Overflow or Wraparound Vulnerability (CVE-2024-11236)

Severity

Critical

Classification

CVE-2024-23692 CWE-1336 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution Known Vulnerabilities