CVE-2024-1064

A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header

CVSS v3.0 7.5 HIGH

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/crafty-controller/crafty-4/-/issues/327	Exploit Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:craftycontrol:crafty_controller:*:*:*:*:*:*:*:*

History

12 Feb 2024, 18:42

Type	Values Removed	Values Added
CWE		CWE-116
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CPE		cpe:2.3:a:craftycontrol:crafty_controller::::::::
First Time		Craftycontrol crafty Controller Craftycontrol
References	~~() https://gitlab.com/crafty-controller/crafty-4/-/issues/327 -~~	() https://gitlab.com/crafty-controller/crafty-4/-/issues/327 - Exploit, Issue Tracking

03 Feb 2024, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-03 09:15

Updated : 2024-02-12 18:42

NVD link : CVE-2024-1064

Mitre link : CVE-2024-1064

JSON object : View

Products Affected

craftycontrol

crafty_controller

CWE

CWE-116

Improper Encoding or Escaping of Output

7.5 /10