CVE-2024-23692 - Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability
项目:Rejetto
产品:HTTP File Server
添加日期:2024-07-09到期日:2024-07-30最后更新:June 21, 2025
漏洞名称
Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability
描述
Rejetto HTTP File Server contains an improper neutralization of special elements used in a template engine vulnerability. This allows a remote, unauthenticated attacker to execute commands on the affected system by sending a specially crafted HTTP request.
已知用于勒索软件活动吗?
Unknown
采集行动
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
其他说明
The patched Rejetto HTTP File Server (HFS) is version 3: https://github.com/rejetto/hfs?tab=readme-ov-file#installation, https://www.rejetto.com/hfs/
https://nvd.nist.gov/vuln/detail/CVE-2024-23692
相关新闻文章
Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY MalwareJuly 23, 2024
Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView PlusJuly 4, 2024
Hackers attack HFS servers to drop malware and Monero minersJuly 4, 2024