WEB Rejetto HTTP File Server Server Side Template Injection -2 (CVE-2024-23692)

Rule ID

1235114

Severity

High

Description

The Rejetto HTTP File Server (HFS) version 2.x is vulnerable to an unauthenticated server side template injection (SSTI) vulnerability. A remote unauthenticated attacker can execute code with the privileges of the user account running the HFS.exe server process.

Impact

Remote command execution

Recommendation

Update vendor's patch.

IPS Category

Web threats

IPS Anomaly Group

N/A

IPS Rule Default Action

Deny

References

CVE-2024-23692

EDB-37985

msf

T1059

Keywords

N/A

Date Created

2024/06/18

Last Updated

2024/07/03

This website uses cookies to ensure you get the best experience on our website.

Learn more