CVE-2024-1064
HIGHDescription
A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header
Is your site exposed to CVE-2024-1064?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| craftycontrol | crafty_controller |
References
Frequently Asked Questions
What is CVE-2024-1064? +
How severe is CVE-2024-1064? +
What products are affected by CVE-2024-1064? +
How do I check if I'm vulnerable to CVE-2024-1064? +
Related Vulnerabilities
Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially …
Craft CMS is a content management system (CMS). Versions 4.0.0-RC1 and above, prior to 4.18.0 and 5.0.0-RC1, and above, prior …
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of …
OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into …
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass …
Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain (or --letsencrypt, which …