Rejetto HTTP File Server 2.x Remote Code Execution

critical Web App Scanning Plugin ID 114299

Synopsis

Rejetto HTTP File Server 2.x Remote Code Execution

Description

Rejetto HTTP File Server 2.x is affected by a template injection vulnerability. It allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request.

Solution

Upgrade to Rejetto HTTP File Server 3 or later.

See Also

https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/

Plugin Details

Severity: Critical

ID: 114299

Type: remote

Published: 6/14/2024

Updated: 6/14/2024

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-23692

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS Score Source: CVE-2024-23692

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 5/25/2024

CISA Known Exploited Vulnerability Due Dates: 7/30/2024

Reference Information

CVE: CVE-2024-23692