Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.
References
Link | Resource |
---|---|
https://github.com/rapid7/metasploit-framework/pull/19240 | Exploit Issue Tracking |
https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/ | Exploit |
https://vulncheck.com/advisories/rejetto-unauth-rce | Exploit Third Party Advisory |
Configurations
History
14 Aug 2024, 16:59
Type | Values Removed | Values Added |
---|---|---|
References | () https://vulncheck.com/advisories/rejetto-unauth-rce - Exploit, Third Party Advisory |
10 Jul 2024, 14:05
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:rejetto:http_file_server:*:*:*:*:*:*:*:* | |
References | () https://github.com/rapid7/metasploit-framework/pull/19240 - Exploit, Issue Tracking | |
References | () https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/ - Exploit | |
References | () https://vulncheck.com/advisories/rejetto-unauth-rce - Third Party Advisory | |
CWE | CWE-94 | |
First Time |
Rejetto
Rejetto http File Server |
07 Jun 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Jun 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
31 May 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-05-31 10:15
Updated : 2024-08-14 16:59
NVD link : CVE-2024-23692
Mitre link : CVE-2024-23692
CVE.ORG link : CVE-2024-23692
JSON object : View
Products Affected
rejetto
- http_file_server