Rejetto HTTP File Server SSTI RCE (CVE-2024-23692) - Vulnerability Database

Rejetto HTTP File Server SSTI RCE (CVE-2024-23692)

Description

Rejetto HTTP File Server has a template injection vulnerability. An unauthenticated attacker can execute arbitrary commands on the affected system by sending a specially crafted HTTP request.

Remediation

Upgrade to the latest version of Rejetto HTTP File Server.

References

Rejetto HTTP File Server 2.3m Unauthenticated RCE

Related Vulnerabilities

Severity

Critical

Classification

CVE-2024-23692

CWE-1336

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N