Description

Rejetto HTTP File Server has a template injection vulnerability. An unauthenticated attacker can execute arbitrary commands on the affected system by sending a specially crafted HTTP request.

Remediation

Upgrade to the latest version of Rejetto HTTP File Server.

References

Rejetto HTTP File Server 2.3m Unauthenticated RCE

Related Vulnerabilities

OpenSSL Resource Management Errors Vulnerability (CVE-2012-0027)

Oracle Database Server CVE-2009-1985 Vulnerability (CVE-2009-1985)

XOOPS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3822)

Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-3227)

XWiki Missing Authorization Vulnerability (CVE-2022-31167)

Severity

Critical

Classification

CVE-2024-23692 CWE-1336 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution Known Vulnerabilities