CVE-2024-1064

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-644
View all →

Vulnerability Description

A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header

Related Vulnerabilities

CVE-2021-21265

HIGH
CVSS:7.5(High)

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October before version 1.1.2, when running on poorly configured servers (i.e. the server routes any requ...

CWE-6442021

CVE-2023-36921

HIGH
CVSS:7.2(High)

SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to serve poisoned content to the server. On ...

CWE-6442023

CVE-2022-22399

MEDIUM
CVSS:6.5(Medium)

IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against th...

CWE-6442022

CVE-2017-6031

HIGH
CVSS:8.8(High)

A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may all...

CWE-6442017

CVE-2020-6982

HIGH
CVSS:8.8(High)

In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution.

CWE-6442020

CVE-2023-32465

HIGH
CVSS:8.8(High)

Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerability, leading to unauthorized admin access to the Cyber Recovery...

CWE-6442023