Lucene search

[email protected]NVD:CVE-2024-1064

HistoryFeb 03, 2024 - 9:15 a.m.

CVE-2024-1064

2024-02-0309:15:11

CWE-644

CWE-116

[email protected]

web.nvd.nist.gov

host header injection

remote attacker

denial of service

http handler component

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

40.8%

JSON

A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header

Affected configurations

Nvd

Node

craftycontrolcrafty_controllerRange4.0.0–4.2.2

VendorProductVersionCPE
craftycontrolcrafty_controller*cpe:2.3:a:craftycontrol:crafty_controller:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
craftycontrol	crafty_controller	*	cpe:2.3:a:craftycontrol:crafty_controller::::::::

References

gitlab.com/crafty-controller/crafty-4/-/issues/327

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

40.8%

JSON

Related for NVD:CVE-2024-1064

vulnrichment1 cve1 cvelist1 prion1 osv1