CVE-2024-23692

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.
Configurations

Configuration 1 (hide)

cpe:2.3:a:rejetto:http_file_server:*:*:*:*:*:*:*:*

History

14 Aug 2024, 16:59

Type Values Removed Values Added
References () https://vulncheck.com/advisories/rejetto-unauth-rce - Third Party Advisory () https://vulncheck.com/advisories/rejetto-unauth-rce - Exploit, Third Party Advisory

10 Jul 2024, 14:05

Type Values Removed Values Added
CPE cpe:2.3:a:rejetto:http_file_server:*:*:*:*:*:*:*:*
References () https://github.com/rapid7/metasploit-framework/pull/19240 - () https://github.com/rapid7/metasploit-framework/pull/19240 - Exploit, Issue Tracking
References () https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/ - () https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/ - Exploit
References () https://vulncheck.com/advisories/rejetto-unauth-rce - () https://vulncheck.com/advisories/rejetto-unauth-rce - Third Party Advisory
CWE CWE-94
First Time Rejetto
Rejetto http File Server

07 Jun 2024, 17:15

Type Values Removed Values Added
References
  • () https://github.com/rapid7/metasploit-framework/pull/19240 -

06 Jun 2024, 15:15

Type Values Removed Values Added
Summary
  • (es) Rejetto HTTP File Server, hasta la versión 2.3m incluida, es vulnerable a una vulnerabilidad de inyección de plantilla. Esta vulnerabilidad permite que un atacante remoto no autenticado ejecute comandos arbitrarios en el sistema afectado enviando una solicitud HTTP especialmente manipulada. A partir de la fecha de asignación de CVE, Rejetto HFS 2.3m ya no es compatible.

31 May 2024, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-31 10:15

Updated : 2024-08-14 16:59


NVD link : CVE-2024-23692

Mitre link : CVE-2024-23692

CVE.ORG link : CVE-2024-23692


JSON object : View

Products Affected

rejetto

  • http_file_server
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')

CWE-1336

Improper Neutralization of Special Elements Used in a Template Engine